Results 1 to 4 of 4

Thread: logwatch httpd

  1. #1
    kavi2
    Guest

    Default logwatch httpd

    As the root of my system, i saw a message today in my logwatch.
    " a total of 1 user probed the server" followed by an ip address.
    what does this mean?
    Is there any security breach?

  2. #2
    Senior Member monk's Avatar
    Join Date
    Jan 2005
    Location
    Tibet
    Posts
    643
    Thanks
    5
    Thanked 43 Times in 38 Posts
    Rep Power
    15

    Default

    Maybe...
    Somebody doing penetration Testing for your Web Application/server. Or may be try to just something bas. This message can be coz of virus too ... it is better to use Apahce modsecuirty http://www.modsecurity.org/ which is Open source Intrusion Detection and Prevention module for Web applications.
    Also check out http://httpd.apache.org/docs/2.0/mod..._forensic.html - Apahces' forensic module which also gives good info.

  3. #3
    Junior Member
    Join Date
    Sep 2005
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default

    i temporarily stopped my httpd. would that solve the problem. since i use ssh to allow remote access, i am assuming it is safe. for the while i dont need my web server running.
    what do u say?

  4. #4
    Is that all you got? rockdalinux's Avatar
    Join Date
    May 2005
    Location
    Planet Vegeta
    Posts
    987
    Thanks
    27
    Thanked 71 Times in 62 Posts
    Rep Power
    19

    Default

    kavi, yup when you stop httpd you are safe for while. It is better to use firewall (I hope you got one) and run only needed services. You also need to make sure that sshd is also secure. Btw what distro you are using? If it is old ssh server upgrade it; old ssh server is know for ssh user attacks.
    Rocky Jr.
    What's wrong? I hope I am not making you uncomfortable...

    Never send a boy to do a mans job.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. httpd.conf deleted! How to re-generate? Any Scripts?
    By vivekv in forum Shell scripting
    Replies: 1
    Last Post: 17th July 2008, 05:13 PM
  2. httpd.conf deleted! How to re-generate?
    By vivekv in forum Getting started tutorials
    Replies: 2
    Last Post: 17th January 2008, 03:45 PM
  3. httpd process
    By vimalgoel in forum Getting started tutorials
    Replies: 1
    Last Post: 8th October 2007, 12:40 AM
  4. HTTPD dead but subsys locked
    By surmandal in forum Web servers
    Replies: 10
    Last Post: 31st July 2007, 08:53 AM
  5. Linux create self signed ssl certificate for Apache httpd server
    By raj in forum Getting started tutorials
    Replies: 0
    Last Post: 5th May 2007, 01:23 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •