1

When i logged on cpanel this morning, i noticed tens of thousands of requests for pages that don't exist coming from a few IPs.

links such as : /cgi-bin/1998, /cgi-bin/1999, /cgi-bin/2000 etc..

What are they trying to do and how to protect myself against it ?

They're still scanning the site as we speak.

1 Answers1

1

Setup Fail2Ban, or it's equivalent, to automatically block the IP addresses scanning you. They may try again from other IP addresses but this will radically slow them down. It will also make their efforts more expensive labor-wise and in most cases, it will stop them quickly.

Fail2Ban is easy to setup quickly. Once you have more time look into tools like mod_security and integrate that into your Fail2Ban setup.

Trey Blalock
  • 14,109
  • 6
  • 43
  • 49