Webserver attacks

Whisperity whisperity at gmail.com
Sat Feb 18 11:16:19 UTC 2012


Greetings!

I wanted to share my little script with you, server owners. A week or two
ago I set up an Ubuntu server box, with some services (Apache, MySQL)
for personal usage. But my webserver is getting attacked by flood bots from
time to time, so I needed to develop a wall (using Shorewall firewall) for
it, and an easy management script.

The two script files (ip.sh and log.sh) are the Swiss Army knife for me
right now. (You need to put them into your webserver log folder
(/var/log/apache2).)
What I am asking for, knowing that people here are developers with more
knowledge than me
- log.sh: lists the access.log (or any other log file specified in the
first argument) and filters out the "banned" IP-list
- ip.sh: (needs to run as root) manages the IP filtering (also adjusts
Shorewall's blacklist)

I have attached two log files, somewhat fresh from my webserver. They seem
to be some sort of vulnerability checks, should I be worried? Can you
please give me some more tips on how to improve my server's security?

Some more information which might help us identify problems:
- Server is basically a desktop computer with Ubuntu server OS on it.
- 320 GB HDD, in the following setup:
    - /dev/sda - boot record in MBR
    - /dev/sda1 (/boot, ext4, ~2 GiB) - /boot stuff
    - /dev/sda2 (/, ext4, ~233 GiB) - everything else
    - /dev/sda5 (swap, swap, ~6 GiB) - swap space
- TP-LINK 1043ND router with Firewall
- Shorewall firewall on the server itself (I have attached the
configuration files for Shorewall too)
- Installed services:
    - Apache, MySQL
    - SSH
    - Samba

$ uname -a
Linux the-server 2.6.38-13-server #54-Ubuntu SMP Tue Jan 3 13:55:59 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Sorry if my e-mail was a little bit hard to understand. Any help is
appreciated.

-- Whisperity.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fhscan.log
Type: application/octet-stream
Size: 123528 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20120218/02846133/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ZmEu.log
Type: application/octet-stream
Size: 3620 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20120218/02846133/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ip.sh
Type: application/x-sh
Size: 7534 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20120218/02846133/attachment.sh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.sh
Type: application/x-sh
Size: 937 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20120218/02846133/attachment-0001.sh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: interfaces
Type: application/octet-stream
Size: 395 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20120218/02846133/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: policy
Type: application/octet-stream
Size: 407 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20120218/02846133/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rules
Type: application/octet-stream
Size: 3276 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20120218/02846133/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: zones
Type: application/octet-stream
Size: 349 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20120218/02846133/attachment-0005.obj>
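
The kind of filtering the message describes for log.sh (list a log with the banned addresses filtered out), as an added example that is not the poster's attached script. The function names, the ban-list file format and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's log.sh): hide, or show only, access-log
# lines that come from banned client IPs.
# Assumptions: the ban list has one address per line and '#' starts a comment;
# the log is Apache common/combined format (client address is the first field).

# filter_log BANLIST LOGFILE [hide|only]
filter_log() {
    awk -v mode="${3:-hide}" '
        FILENAME == ARGV[1] {        # ban list (FILENAME test, not NR==FNR,
            sub(/#.*/, "")           #  so an empty ban list is handled)
            gsub(/[ \t\r]/, "")
            if ($0 != "") banned[$0] = 1
            next
        }
        {
            hit = ($1 in banned)     # exact field match: 192.0.2.1 != 192.0.2.10
            if ((mode == "only") == hit) print
        }
    ' "$1" "$2"
}

# Constructed sample data (documentation address ranges, made-up requests).
make_sample() {
    cat > "$1/banned.txt" <<'EOF'
# hypothetical ban list
192.0.2.1
203.0.113.7   # scanner
EOF
    cat > "$1/access.log" <<'EOF'
192.0.2.1 - - [18/Feb/2012:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 345
192.0.2.10 - - [18/Feb/2012:10:00:02 +0000] "GET / HTTP/1.1" 200 1024
203.0.113.7 - - [18/Feb/2012:10:00:03 +0000] "GET /setup.php HTTP/1.1" 404 345
198.51.100.4 - - [18/Feb/2012:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 512
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "== visible (banned hidden) =="; filter_log "$tmp/banned.txt" "$tmp/access.log"
echo "== banned only ==";             filter_log "$tmp/banned.txt" "$tmp/access.log" only
rm -rf "$tmp"
```

Matching the whole first field rather than grepping for the address as a substring keeps a ban on 192.0.2.1 from also hiding traffic from 192.0.2.10.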