Detecting scans and what to do about them?

Discussion in 'Linux VPS/Dedicated - General' started by Leomania, Sep 3, 2006.

  1. Leomania

    Leomania New Member

    I've noted some scans occurring against Apache on my VPS. They appear to have been against the IP address as the errors appear in the global error_log, not in any of the per-user logs. The scans are looking for specific applications, like horde, horde2, horde3, phpMyChat, etc. and while they will never find anything, I'm happy to ban them. But as a proactive global measure, is there anything similar to denyhosts or fail2ban that can see in the error logs that a particular IP is trying various URLs that don't work in fast succession and grab that IP for banning?
     
  2. ppc

    ppc Moderator

Share This Page