1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Some 'nice' messages in the log

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by markcarsonboxz, Aug 16, 2010.

  1. markcarsonboxz

    markcarsonboxz New Pleskian

    16
    60%
    Joined:
    Jul 19, 2010
    Messages:
    13
    Likes Received:
    0
    I like to keep an eye on things on the server, particularly log files.

    In the /usr/local/psa/admin/logs/httpsd_access_log file in my installation, I have 1000s of the following:

    I'm not particularly concerned that there is an effort to attempt to brute-force the admin password for Plesk, since it seems there is one attempt every 3 minutes. My password is not in any dictionary as I have made a determined attempt at producing a very strong password that takes around 5mins for me to calculate using an equation.

    Anyway, if in about 500 years, the beast gets my password, it will undoubtedly discover that his ip cannot get in (at least I hope so)

    It is just annoying that, no matter how much is done to prevent this kind of hacking attempt, it just keeps re-appearing! Is there anything I can do to prevent this current attempt?

    (I am planning the upgrade of Plesk to 9.5.2)


    _____________
    Edit: 24 hours later with Plesk updated to 9.5.2, some additional iptables rules and modifications to sysctl and the attacks are still occurring; now with random passwords...

    Is there anyone with any ideas as to how to at least find out the source ip, so this can be blocked at least to stop the log size increasing and with my recent changes to ossec, more emails...?

    My VPS provider does not provide the facility within iptables to use LOG!!?? for whatever reason. I am researching other methods.
     
    Last edited: Aug 17, 2010
Loading...