Friday, November 10, 2006

Hack attacks

Since creating the web site, I've been learning a lot about the role of a Linux admin. One thing I knew I needed to do was scan my logs. Since I have a small site that should have little activity, it shouldn't be too much of an issue. Prior to going to a static IP and hosting, I had learned that even dynamic IPs are not immune to the bot search. With a static IP it seems to be worse.

I use ARIN a lot to see where an attack is originating from. Most of these probes come from APNIC. Most of the attacks are simple exploit attacks: basic password attacks, and then my web server logs show a lot of MS web server attacks.

This first pass of security is just blocking certain services on certain ranges. If a probe comes from a certain network range the entire network range will be blocked. I'm not going to block the web server ports, just block a lot of the other services that I have running.

Now I can add something else to program up: a Perl script that scans the secure log, gets the info from ARIN, then disables the range.
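The scan, lookup and block loop described above, as an added example that is not the author's script. The log lines, the range table standing in for the ARIN lookup, the threshold and the web port list are all constructed assumptions, and the rules are printed for review rather than applied.

```perl
use strict;
use warnings;

my $THRESHOLD = 3;          # assumed: failed logins before a range is blocked
my @WEB_PORTS = (80, 443);  # assumed: ports that stay reachable for everyone

# Constructed stand-in for the registry lookup (documentation ranges only).
# A real script would parse the whois answer for the source address instead.
my @RANGES = ('192.0.2.0/24', '198.51.100.0/24', '203.0.113.0/24');

sub ip2int { my @o = split /\./, shift; return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3] }

# Return the CIDR block that contains $ip, or the single host as a /32.
sub lookup_range {
    my ($ip) = @_;
    for my $cidr (@RANGES) {
        my ($net, $bits) = split m{/}, $cidr;
        my $mask = (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
        return $cidr if (ip2int($ip) & $mask) == (ip2int($net) & $mask);
    }
    return "$ip/32";
}

# Count failed sshd logins per network range from secure-log style lines.
sub count_failures {
    my %hits;
    for (@_) {
        next unless m{sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) };
        $hits{ lookup_range($1) }++;
    }
    return %hits;
}

# Constructed sample log lines.
my @log = (
    'Nov 10 03:12:01 web sshd[2211]: Failed password for root from 203.0.113.45 port 4821 ssh2',
    'Nov 10 03:12:04 web sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 4830 ssh2',
    'Nov 10 03:12:09 web sshd[2217]: Failed password for invalid user test from 203.0.113.77 port 5112 ssh2',
    'Nov 10 08:40:15 web sshd[2301]: Failed password for bob from 198.51.100.7 port 3901 ssh2',
    'Nov 10 08:40:22 web sshd[2301]: Accepted password for bob from 198.51.100.7 port 3901 ssh2',
);

my %hits = count_failures(@log);
for my $range (sort keys %hits) {
    next if $hits{$range} < $THRESHOLD;   # a single mistyped password is not a probe
    my $ports = join ',', @WEB_PORTS;
    print "# $range: $hits{$range} failed logins\n";
    print "iptables -A INPUT -s $range -p tcp -m multiport ! --dports $ports -j DROP\n";
}
```

Counting per range rather than per address means failures spread across several hosts in one network still add up, which matches the plan of blocking the whole range while leaving the web server ports open.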
