
Does this mean someone is trying to access my system?

Posted: Sat Dec 12, 2009 5:07 pm
by yosepht
I found these client IP addresses in my Apache error log and none of these are addresses
that I have used. Is a strong password enough or do I need software to protect my
system? Thanks.

[Fri Dec 11 01:06:18 2009] [error] [client 71.96.21.105] File does not exist: /var/www/MNG
[Fri Dec 11 07:27:55 2009] [error] [client 121.10.141.208] File does not exist: /var/www/scripts
[Fri Dec 11 07:27:56 2009] [error] [client 121.10.141.208] File does not exist: /var/www/scripts
[Fri Dec 11 07:27:57 2009] [error] [client 121.10.141.208] File does not exist: /var/www/phpMyAdmin
[Fri Dec 11 07:27:58 2009] [error] [client 121.10.141.208] File does not exist: /var/www/sql
[Fri Dec 11 07:27:59 2009] [error] [client 121.10.141.208] File does not exist: /var/www/mysql
[Fri Dec 11 10:57:11 2009] [error] [client 71.96.21.105] File does not exist: /var/www/MNG
[Fri Dec 11 23:34:56 2009] [error] [client 61.139.105.163] File does not exist: /var/www/fastenv
[Sat Dec 12 01:58:17 2009] [error] [client 61.160.216.63] script '/var/www/prx2.php' not found or unable to stat
[Sat Dec 12 05:02:09 2009] [error] [client 89.200.172.132] File does not exist: /var/www/user
[Sat Dec 12 07:09:53 2009] [error] [client 67.18.244.106] File does not exist: /var/www/phpMyAdmin
[Sat Dec 12 07:12:13 2009] [error] [client 67.18.244.106] File does not exist: /var/www/phpmyadmin
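
An added example (not part of the original post, and not fail2ban's own logic): one way to tell a scripted probe from a stray 404 in this error-log format is to group the not-found entries per client and flag any client that requests several distinct missing paths within a short window. The function names, the three-path threshold and the 60-second window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the Apache 2.2-style error-log lines copied from the post above.
SAMPLE_LOG = """\
[Fri Dec 11 01:06:18 2009] [error] [client 71.96.21.105] File does not exist: /var/www/MNG
[Fri Dec 11 07:27:55 2009] [error] [client 121.10.141.208] File does not exist: /var/www/scripts
[Fri Dec 11 07:27:56 2009] [error] [client 121.10.141.208] File does not exist: /var/www/scripts
[Fri Dec 11 07:27:57 2009] [error] [client 121.10.141.208] File does not exist: /var/www/phpMyAdmin
[Fri Dec 11 07:27:58 2009] [error] [client 121.10.141.208] File does not exist: /var/www/sql
[Fri Dec 11 07:27:59 2009] [error] [client 121.10.141.208] File does not exist: /var/www/mysql
[Sat Dec 12 01:58:17 2009] [error] [client 61.160.216.63] script '/var/www/prx2.php' not found or unable to stat
[Sat Dec 12 07:09:53 2009] [error] [client 67.18.244.106] File does not exist: /var/www/phpMyAdmin
[Sat Dec 12 07:12:13 2009] [error] [client 67.18.244.106] File does not exist: /var/www/phpmyadmin
"""

# Matches both "File does not exist" and "script ... not found" entries.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"(?:File does not exist: (?P<path>\S+)"
    r"|script '(?P<script>[^']+)' not found or unable to stat)")

def parse(log_text):
    """Yield (timestamp, client_ip, missing_path) for each not-found entry."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["ip"], m["path"] or m["script"]

def find_scanners(log_text, min_paths=3, window=timedelta(seconds=60)):
    """Return {ip: sorted paths} for clients that requested at least
    min_paths distinct missing paths inside one time window."""
    hits = defaultdict(list)
    for ts, ip, path in parse(log_text):
        hits[ip].append((ts, path))
    scanners = {}
    for ip, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct paths requested within `window` of this event.
            burst = {p for t, p in events[i:] if t - start <= window}
            if len(burst) >= min_paths:
                scanners[ip] = sorted(burst)
                break
    return scanners

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

With the default threshold only 121.10.141.208 is flagged; the two phpMyAdmin requests from 67.18.244.106 are more than two minutes apart and only show up when the window is widened and the threshold lowered.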

Re: Does this mean someone is trying to access my system?

Posted: Sat Dec 12, 2009 6:53 pm
by curtishall
Yes...a bot is trying to look for insecure systems.

You should install fail2ban: http://www.fail2ban.org/wiki/index.php/Apache

Posted: Sat Dec 12, 2009 7:35 pm
by whatboy
I don't think fail2ban would block that... that is someone typing random links on the browser to your site... fail2ban can only block those who fail to connect...

Posted: Sun Dec 13, 2009 9:48 am
by cordel
This is very likely BOT activity looking for known weaknesses in those applications.
If you don't have any of those applications installed, you do not have too much to be concerned about.

Fail2ban only works with PAM and the SSH server, so unless you have port 22 open you do not need it.

Posted: Sun Dec 13, 2009 3:04 pm
by yosepht
All I have on the system is ZoneMinder for home surveillance, but I would still like to have
it secure. I use PuTTY to occasionally access the system. How do I change that to another
port other than port 22? Thanks

Posted: Sun Dec 13, 2009 9:23 pm
by curtishall
whatboy wrote: I don't think fail2ban would block that... that is someone typing random links on the browser to your site... fail2ban can only block those who fail to connect...
fail2ban won't directly, but any _public_ computer on the internet needs to have fail2ban anyway. Some distros install stupid things by default that are prone to brute force attacks.

Posted: Mon Dec 14, 2009 7:31 am
by cordel
You can change the port in the ssh config, typically located in /etc/ssh(d), but it is distro dependent.

Posted: Mon Dec 14, 2009 4:32 pm
by whatboy
Or just disable root access; most kiddy attacks use common names for the user name, like root, admin, administrator, etc...