Hola y buenos dias a todos.
En principio, pediros disculpas por mi ausencia, pero el trabajo manda, y mas en esta epoca.
Tal y como me pediais, os inserto un volcado del error.log del apache2
-----------------------------------------------------------------------------------------------
[Mon Nov 19 23:18:37 2012] [error] [client 211.152.55.131] File does not exist: /var/www/phpmyadmin1
[Mon Nov 19 23:18:38 2012] [error] [client 211.152.55.131] File does not exist: /var/www/phpmyadmin2
[Mon Nov 19 23:18:39 2012] [error] [client 211.152.55.131] File does not exist: /var/www/pma
[Mon Nov 19 23:18:40 2012] [error] [client 211.152.55.131] File does not exist: /var/www/web
[Mon Nov 19 23:18:42 2012] [error] [client 211.152.55.131] File does not exist: /var/www/xampp
[Mon Nov 19 23:18:43 2012] [error] [client 211.152.55.131] File does not exist: /var/www/web
[Mon Nov 19 23:18:44 2012] [error] [client 211.152.55.131] File does not exist: /var/www/php-my-admin
[Mon Nov 19 23:18:45 2012] [error] [client 211.152.55.131] File does not exist: /var/www/websql
[Mon Nov 19 23:18:50 2012] [error] [client 211.152.55.131] File does not exist: /var/www/phpMyAdmin
[Mon Nov 19 23:18:25 2012] [error] [client 211.152.55.131] File does not exist: /var/www/admin
[Mon Nov 19 23:18:26 2012] [error] [client 211.152.55.131] File does not exist: /var/www/db
[Mon Nov 19 23:18:27 2012] [error] [client 211.152.55.131] File does not exist: /var/www/dbadmin
[Mon Nov 19 23:18:28 2012] [error] [client 211.152.55.131] File does not exist: /var/www/myadmin
[Mon Nov 19 23:18:29 2012] [error] [client 211.152.55.131] File does not exist: /var/www/mysql
[Mon Nov 19 23:18:31 2012] [error] [client 211.152.55.131] File does not exist: /var/www/mysqladmin
[Mon Nov 19 23:18:32 2012] [error] [client 211.152.55.131] File does not exist: /var/www/typo3
[Mon Nov 19 23:18:33 2012] [error] [client 211.152.55.131] File does not exist: /var/www/phpadmin
[Mon Nov 19 23:18:34 2012] [error] [client 211.152.55.131] File does not exist: /var/www/phpMyAdmin
[Mon Nov 19 23:18:36 2012] [error] [client 211.152.55.131] File does not exist: /var/www/phpmyadmin
Creo que si yo quisiera que mi rc.fire (script lanzado iptables) añadiera la regla:
iptables -A INPUT -p tcp -s [ LA IP ATACANTE] --dport 80 -j DROP
Seria una forma medianamente fiable de evitar "sorpresas"...
Cada vez que se cumpla la condicion [error] [client 211.152.55.131] file does not exist
se añadiria al rc_fire.sh y medio estaria protegido....
Quiero agradecer las respuestas que he recibido, pero lamento no entender lo que el compañero me dijo de hacer "SNORT"... algo he leido, pero para tener las ultimas reglas de snort, hay que pagar.... y la cosa ta mu malitaaaaa.
En cualquier caso, recibid mi agradecimiento y espero alguna contestacion.
Saludos cordiales
EA5GHE