0

We noticed that our server is being scanned for standard vulnerabilities like publicly exposed phpMyAdmin and other common security configuration mistakes / failures. What are the best locations to redirect such attackers to? Options popping in my head:

What else can be done besides redirecting the attacker?

Kote Isaev
  • A simple 404 is fine. You shouldn't have any administrative admin panels web accessible to the public anyway. – Daniel Widrick Jun 10 '19 at 16:13
  • @DanielWidrick I do not have an exposed admin panel without auth; the question was about the best reaction to attempts to scan for various publicly exposed files of common admin panels, like phpMyAdmin. Formally, I can collect IP addresses into some blacklist table and update related configs with a cron job, but I am just looking for some best practices to follow before I finally implement some practice. – Kote Isaev Jun 11 '19 at 17:29

1 Answer

4

Return a 404 and move on.

Optionally, discipline bots that don't take the hint. Perhaps fail2ban style firewall rules that drop the connection.

Optionally, log such events centrally such as in a SIEM. Failed attempts are more noise than anything actionable, so don't consider those much of a threat.

John Mahowald
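The fail2ban-style counting that the answer above suggests, as an added example that is not part of the original answer and is not fail2ban's own code: it reads combined-format access log lines, counts 404s on admin-panel probe paths per client IP inside a sliding window, and returns the IPs that crossed the threshold so they can be dropped at the firewall or forwarded to a SIEM. The function name `find_offenders`, the probe patterns, the thresholds and the sample log are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format line: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumed probe patterns; tune to the paths that show up in your own 404 logs.
PROBE_RE = re.compile(r'(?i)(phpmyadmin|myadmin|/pma|wp-login\.php|/\.env|/\.git/)')


def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: time the threshold was crossed} for IPs with at least
    max_retry probe 404s inside a sliding window of find_time."""
    recent = defaultdict(deque)   # ip -> timestamps of recent probe 404s
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404" or not PROBE_RE.search(m["path"]):
            continue              # malformed line, served page, or ordinary 404
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > find_time:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= max_retry:
            offenders.setdefault(m["ip"], ts)
    return offenders


# Constructed sample log (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2019:16:00:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 153 "-" "-"
198.51.100.4 - - [10/Jun/2019:16:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2019:16:00:03 +0000] "GET /pma/ HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Jun/2019:16:00:05 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"
192.0.2.9 - - [10/Jun/2019:16:01:00 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"
192.0.2.9 - - [10/Jun/2019:16:30:00 +0000] "GET /myadmin/ HTTP/1.1" 404 153 "-" "-"
192.0.2.9 - - [10/Jun/2019:17:00:00 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "-"
198.51.100.4 - - [10/Jun/2019:17:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{when.isoformat()} ban candidate {ip}")
```

Ordinary 404s such as a missing favicon are ignored, and a client that probes once every half hour stays under the threshold, which keeps the ban list limited to the bots that "don't take the hint".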