My apologies if this has been previously discussed (did not find anything in the forums). I recently started seeing the following in our FMS 4.5 and Apache logs (Windows 2008 R2):
There are literally hundreds and hundreds of these entries in the logs (errors, access, etc) and they’ve increased to the point that these entries far outnumber the legitimate clients/connections in the access.log, for example. At first I asked our admin to block the offending IPs from accessing our network, but the attackers just changed their IPs and the attacks have continued to increase.
So yeah, the server is being probed and brute forced. So what can I do to stop this? I’ve looked at the following:
Any advice on what steps I can take to deal with this problem will be greatly appreciated.