![](https://seccdn.libravatar.org/avatar/7891b1b1a5767f4b9ac1cc0723cebdac.jpg?s=120&d=mm&r=g)
Carlos E.R. wrote:
Should I try to implement something in the firewall that blocks IPs that attempt on vulnerabilities, somehow? If there is such a tool.
Much depends on what you are running on your Apache server. There are many vulnerable apps out there. Maybe study your logs and pick the most frequent patterns, then configure apache to refuse them.
No apps.
There is a /srv/cgi-bin that came with the installation or the example, but the "external" vhost doesn't have it. Just a static index.html file with a "hello you".
Then you have nothing to worry about, Apache by itself is very safe. Typically the risks increase as you put php apps on it. wordpress, moodle, roundcube etc etc. Mind you, if you want to be absolutely safe, just stop apache :-) -- Per Jessen, Zürich (8.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.