I've noted some scans occurring against Apache on my VPS. They appear to have been against the IP address as the errors appear in the global error_log, not in any of the per-user logs. The scans are looking for specific applications, like horde, horde2, horde3, phpMyChat, etc. and while they will never find anything, I'm happy to ban them. But as a proactive global measure, is there anything similar to denyhosts or fail2ban that can see in the error logs that a particular IP is trying various URLs that don't work in fast succession and grab that IP for banning?
Detecting scans and what to do about them?
- Thread starter Leomania
- Start date