On Tue, Feb 1, 2011 at 5:28 PM, Anna <ascho...@gmail.com> wrote:
> My test XS at home has a FQDN and is open to the outside. Therefore this is
> probably a pretty rare issue in XS land, but I thought I'd ask.
>
> I noticed my "ambient" rx/tx traffic on eth0 had gone from really low (like
> 0.1 to 0.7 kB/s) to hovering between 5-20 kB/s. I went through httpd's
> access_log and error_log and blocked a bunch of IPs that looked kinda
> sketchy. Chinese and Russian search engine bots, script kiddies looking for
> phpmyadmin, that kinda stuff.
It can help to block China and Russia, but the way spam and denial of service botnets work, that is more limited than you might wish.

Two tools, "denyhosts" and "PortSentry", come to mind. They will deal with many blunt script attacks that come from anyplace on the globe, even Iceland ;-)

With a system live on the internet it is often valuable to block everything first and then open exactly what you need for exactly those that need it. The number of rules by itself almost does not matter. Sometimes the order of rules matters more. For example, you can drop/block all connections to telnet and many other port services in a very early rule and never need to test your long list of IP address blocks.

Log files always need to be watched.

--
T o m M i t c h e l l
mitch-at-niftyegg-dot-com
"My lifetime goal is to be the kind of person my dogs think I am."

_______________________________________________
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
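The two points in Tom's reply, watching auth logs to grow a blocklist (what denyhosts automates) and putting a broad early drop rule ahead of a long list of address blocks, can be seen in a small first-match filter simulator. This is an added example, not code from the thread or from the XS project: the `Rule`/`evaluate` model is a simplified stand-in for an iptables-style chain, the sshd log lines and the blocklist addresses are constructed from the RFC 5737 documentation ranges, and the port set and admin subnet are assumptions.

```python
# Added example (not from the thread): first-match packet-filter simulator
# that counts how many rules a connection attempt touches, to show why a
# default-deny policy plus an early "not offered" drop keeps a long address
# blocklist out of the hot path. All addresses are RFC 5737 documentation
# ranges, constructed for the example; the log lines are constructed too.
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                         # "ACCEPT" or "DROP"
    src: Optional[str] = None           # source CIDR, None = any source
    ports: Optional[frozenset] = None   # destination ports, None = any port
    invert_ports: bool = False          # True: match ports NOT in the set
    desc: str = ""

    def matches(self, src_ip: str, dport: int) -> bool:
        if self.src is not None and \
                ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.ports is None:
            return True
        return (dport in self.ports) != self.invert_ports


def evaluate(rules: List[Rule], src_ip: str, dport: int,
             policy: str = "DROP") -> Tuple[str, int]:
    """First-match walk of the chain: (verdict, rules consulted).
    The chain policy (default-deny here) applies when nothing matches."""
    for n, rule in enumerate(rules, start=1):
        if rule.matches(src_ip, dport):
            return rule.action, n
    return policy, len(rules)


def blocklist_from_authlog(lines: List[str], threshold: int = 3) -> List[Rule]:
    """denyhosts-style: one DROP rule per source with >= threshold failures.
    Matches the common sshd 'Failed password' line; format is assumed."""
    failed = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port")
    counts: Counter = Counter()
    for line in lines:
        m = failed.search(line)
        if m:
            counts[m.group(1)] += 1
    return [Rule("DROP", f"{ip}/32", None, False, "auth failures")
            for ip, c in sorted(counts.items()) if c >= threshold]


# Constructed sshd log excerpt: two sources over threshold, one under it.
AUTH_LOG = [
    "Feb  1 17:01:02 xs sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2",
    "Feb  1 17:01:05 xs sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2",
    "Feb  1 17:01:09 xs sshd[2101]: Failed password for root from 203.0.113.5 port 40123 ssh2",
    "Feb  1 17:02:11 xs sshd[2140]: Failed password for root from 203.0.113.77 port 51000 ssh2",
    "Feb  1 17:02:14 xs sshd[2140]: Failed password for root from 203.0.113.77 port 51000 ssh2",
    "Feb  1 17:02:18 xs sshd[2140]: Failed password for invalid user oracle from 203.0.113.77 port 51001 ssh2",
    "Feb  1 17:03:40 xs sshd[2177]: Failed password for anna from 192.0.2.9 port 33001 ssh2",
    "Feb  1 17:03:52 xs sshd[2177]: Accepted publickey for anna from 192.0.2.9 port 33001 ssh2",
]

# Constructed manual blocks, standing in for the hand-picked IPs in the post.
MANUAL_BLOCKS = [Rule("DROP", f"203.0.113.{i}/32", None, False, "manual block")
                 for i in range(100, 200)]
BLOCKLIST = blocklist_from_authlog(AUTH_LOG) + MANUAL_BLOCKS

OFFERED = frozenset({22, 80})             # assumed: only ssh and http are served
SERVICE_RULES = [
    Rule("ACCEPT", "198.51.100.0/24", frozenset({22}), False, "ssh, admin net only"),
    Rule("ACCEPT", None, frozenset({80}), False, "public http"),
]


def naive_chain(blocklist: List[Rule]) -> List[Rule]:
    """Blocklist first, services after; unoffered ports walk the whole chain."""
    return blocklist + SERVICE_RULES


def tuned_chain(blocklist: List[Rule]) -> List[Rule]:
    """One early rule drops anything not offered, so the blocklist is only
    consulted for traffic to ports the host actually serves."""
    early = Rule("DROP", None, OFFERED, True, "anything not offered")
    return [early] + blocklist + SERVICE_RULES


# Constructed probe mix: three scans of unoffered ports, one blocked source
# on http, one legitimate http client, one admin ssh login.
PROBES = [("192.0.2.10", 23), ("192.0.2.11", 3306), ("192.0.2.12", 445),
          ("203.0.113.5", 80), ("192.0.2.9", 80), ("198.51.100.7", 22)]


def rules_consulted(chain: List[Rule], probes=PROBES) -> int:
    """Total rules touched across the probe mix; verdicts are identical."""
    return sum(evaluate(chain, ip, port)[1] for ip, port in probes)


if __name__ == "__main__":
    for name, chain in (("naive", naive_chain(BLOCKLIST)), ("tuned", tuned_chain(BLOCKLIST))):
        print(f"{name}: {len(chain)} rules, {rules_consulted(chain)} consulted for {len(PROBES)} probes")
```

Both chains reach the same verdict for every probe; the difference is that a telnet or mysql scan against the tuned chain is decided by the first rule, while against the naive chain it walks all hundred-odd blocklist entries before falling through to the default-deny policy. That is the ordering effect the reply describes, and the log-derived entries show where a tool like denyhosts would feed the blocklist from.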