We've found a number of attempts to access non-existent pages in our IIS logs, specifically a lot of variations on phpMyAdmin URLs.
My kneejerk reaction would be to block these IPs, but I have a feeling this is not really a "solution" since the likelihood of multiple attacks from the same IP address are pretty low.
So, is there a best practice here? Should we just ignore them? Should we use some third party tool (I've seen Snort and OSSEC mentioned on this site) to prevent these attempts?
Aucun commentaire:
Enregistrer un commentaire