"Gulp!"... Should I trust ChatGPT's custom virtual_host2.conf recommendation?

jlpeifer (Verified User, joined Jun 6, 2006, 108 messages)
From time to time my DA server spits out a "System Load" warning email. I'm not a skilled Linux person, so I decided to prompt ChatGPT for its opinion of what might be happening. It asked me to provide a small snippet from the email I received. I fed it a section that began:

IP '45.148.10.119' currently has '986' connections

Its response was pretty straightforward...

What you're seeing is almost certainly an automated bot or scanner hitting your server very aggressively, and your monitoring system is warning you because the same IP has opened an unusually large number of connections.

It then asked me to give it a few lines from the /var/log/httpd/access_log, and came back with this response...

This log confirms exactly what kind of activity you were seeing: a fully automated vulnerability scanner searching for leaked cloud credentials and misconfigured infrastructure files.

After a bit of back-and-forth it ultimately suggested that I create a custom /usr/local/directadmin/data/templates/custom/virtual_host2.conf file that inserted the following lines (the block starting with the "# Global protection" comment below, which was highlighted in red in the original post):

{ . . . }

CustomLog |APACHELOGDIR|/|DOMAIN|.bytes bytes
CustomLog |APACHELOGDIR|/|DOMAIN|.log |COMBINED_LOG|
ErrorLog |APACHELOGDIR|/|DOMAIN|.error.log

|*if SUSPENDED_REASON|
<IfModule mod_env.c>
SetEnv reason "|SUSPENDED_REASON|"
</IfModule>
|*endif|

# Global protection against hidden files and common secret/config artifacts
<FilesMatch "^\.">
Require all denied
</FilesMatch>

<FilesMatch "\.(env|ini|log|bak|old|backup|sql)$">
Require all denied
</FilesMatch>


|CUSTOM2|

{ . . . }

Finally, it said that I needed to run:

cd /usr/local/directadmin/custombuild
./build rewrite_confs
systemctl restart httpd

As mentioned before, I'm not overly familiar with Linux, so I'm a bit gun-shy. Has CGPT provided solid advice here, or is there something about its suggestion that would create havoc?
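To see what the two FilesMatch rules in the suggested template actually catch, here is an added Python example (not from the thread, ChatGPT, or DirectAdmin) that applies the same two regexes the way Apache does, to the final path component of each request, and runs them over a few constructed access_log lines in the combined format the template writes. The log lines are made up; only the first IP is the one quoted in the warning email, the second is a documentation address. The ".well-known" allowance is this example's own assumption, because Let's Encrypt HTTP-01 challenges are served from that dot-directory and must stay reachable.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote, urlsplit

# The two FilesMatch patterns from the suggested virtual_host2.conf block.
# Apache evaluates <FilesMatch> against the final path component only (the
# file name), case-sensitively, so the patterns are applied here to the
# basename of the requested path and never to directory names.
DOTFILE_RE = re.compile(r"^\.")
ARTIFACT_RE = re.compile(r"\.(env|ini|log|bak|old|backup|sql)$")

# Assumed allowance: dot-directories that must stay reachable (ACME HTTP-01).
ALLOWED_DOT_DIRS = {".well-known"}

# Apache "combined" log format, as written to |DOMAIN|.log by the template.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def basename_of(request_path: str) -> str:
    """Final path component of a request target, percent-decoded."""
    return unquote(urlsplit(request_path).path).rsplit("/", 1)[-1]


def is_denied(request_path: str) -> bool:
    """True if the two FilesMatch rules would answer this request with 403."""
    name = basename_of(request_path)
    return bool(DOTFILE_RE.search(name) or ARTIFACT_RE.search(name))


def hidden_dir_probe(request_path: str) -> bool:
    """True if the path walks through a dot-directory (e.g. /.git/config).

    FilesMatch never inspects directory names, so such probes are not denied
    by the suggested rules; covering them needs <DirectoryMatch> or a rewrite.
    """
    parts = unquote(urlsplit(request_path).path).split("/")[:-1]
    return any(p.startswith(".") and p not in ALLOWED_DOT_DIRS for p in parts if p)


def parse_combined(line: str):
    """Parse one combined-format access_log line into a dict, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def summarize(lines):
    """Per-IP request totals, how many the rules would deny, and which
    hidden-directory probes would slip past them."""
    totals, denied = Counter(), Counter()
    escaped = defaultdict(list)
    for line in lines:
        rec = parse_combined(line)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        totals[ip] += 1
        if is_denied(path):
            denied[ip] += 1
        elif hidden_dir_probe(path):
            escaped[ip].append(path)
    return {"totals": totals, "denied": denied, "escaped": dict(escaped)}


# Constructed sample log lines (not taken from the poster's server).
SAMPLE_LOG = """\
45.148.10.119 - - [01/Jan/2025:03:14:01 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
45.148.10.119 - - [01/Jan/2025:03:14:01 +0000] "GET /.aws/credentials HTTP/1.1" 404 196 "-" "Mozilla/5.0"
45.148.10.119 - - [01/Jan/2025:03:14:02 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "Mozilla/5.0"
45.148.10.119 - - [01/Jan/2025:03:14:02 +0000] "GET /backup.sql HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2025:03:14:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2025:03:14:06 +0000] "GET /.well-known/acme-challenge/abc123 HTTP/1.1" 200 87 "-" "Mozilla/5.0"
""".splitlines()


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, total in report["totals"].most_common():
        print(f"{ip}: {total} requests, {report['denied'][ip]} would be denied, "
              f"not covered: {report['escaped'].get(ip, [])}")
```

Run against the sample, the scanner IP's requests for /.env and /backup.sql would be denied, while /.aws/credentials and /.git/config would not, because only the file name is matched. Two practical checks before the restart in the post's last step: run "httpd -t" so a typo in the template does not take every site down, and request a file under /.well-known/ afterwards to confirm certificate renewal still works.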
 
It'll only block access to these *.env|ini|log|bak|old|backup|sql and files beginning with a dot (.)....

If you use CSF, try turning on and tweaking the SYNFLOOD section... Won't be 100% foolproof, but it may help.
 