Weak Security settings

[Binesh S]

I have found apache logs, an illegal default access


Sat Nov 10 22:59:09 2012] [error] [client 1.1.1.1] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
[Sat Nov 10 22:59:09 2012] [error] [client 2.2.2.2] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
[Sat Nov 10 23:02:06 2012] [error] [client 2.2.2.2] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
[Sat Nov 10 23:04:13 2012] [error] [client 1.1.1.1] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
[Sat Nov 10 23:04:13 2012] [error] [client 1.1.1.1] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
[Sat Nov 10 23:07:10 2012] [error] [client 2.2.2.2] File does not exist: /var/www/vhosts/default/htdocs/autodiscover


Any patch update on this issue ?


FYI 1.1.1.1 & 2.2.2.2 sample IP address


Thanks

 

[IgorG]

You can just block these IPs by firewall at least.

 

[Binesh S]

Yes I have already blocking IP from access. However the access should be block from coding level

Thanks

 

[IgorG]

Yes I have already blocking IP from access. However the access should be block from coding level

Thanks

Do you mean that we should block all known IPs of possible hacker's attacks in Plesk code? Or what do you mean?

 

[Binesh S]

There is utility like fail2ban IP for some time like one hour may prvent excessive access right ? I am not asking to ban all IPs is not good to application like temporarry solution or provide alerts failed attempts