[TriLUG] Odd. Anyone else seeing this in their Apache logs?
Brian Daniels
bitmage at bellsouth.net
Mon Jan 27 14:16:44 EST 2003
On Mon, Jan 27, 2003 at 01:43:23PM -0500, Jon Carnes wrote:
> The GET may be the check to see if they are successful in breaking into
> your system (putting information onto your system.
>
> It's probably automated, since it is coming in with such a frequency.
> It may be that they are trying to guess some access password.
Oh, now that's a happy thought. Ethereal sees no other traffic from the
IP's though.
> You *could* create the document for them and see if the attempts stop,
> but I think you should firewall those IP's off and attempt to report the
> oddity. Keep in mind that if the activity is malicious then its
> probably coming from a PC that has been shanghaied.
Hmm. Maybe put a 100 meg file there? (evil grin)
I tried adding them to Apache's deny list but it didn't bother them.
They're just as happy to get several 403's a minute as they were with the
404.
Reporting the oddity may be less than effective. I can't claim they're
doing damage or causing denial of service. Just putting a lot of entries
in my error_log.
--Brian
--
Question with boldness even the existence of a god;
because if there be one he must approve of the
homage of reason more than that of blindfolded fear.
--Thomas Jefferson, Aug. 10, 1787
Brian Daniels bitmage at bellsouth.net
http://www.eviloverlord.net
More information about the TriLUG
mailing list