> Hi, I'm seeing Googlebot trip up apache-overflows rule consistently > but I don't find anyone else with this issue in my searching. Is this > known problem or some other possible reason? I whitelisted the > ip range but I'd like to know more about why this happens. Sample > log: > > error.log:[Wed Aug 05 13:38:29 2015] [error] [client 66.249.75.201] > Invalid method in request \x16\x03 > > error.log:[Wed Aug 05 18:33:13 2015] [error] [client 66.249.75.201] > Invalid method in request \x16\x03\x01
No one see this? More research into access logs I see normal hits from googlebot like: 66.249.69.36 - - [02/Aug/2015:11:28:41 +0200] "GET /index.html HTTP/1.1" 200 2370 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" But often hits from their IP range looking like this: 66.249.75.114 - - [03/Aug/2015:14:52:32 +0200] "\x16\x03\x01" 501 268 "-" "-" Why is this coming from google? Someone trick their search engine? Maybe better to block this? but if I do, because it using same range as the googlebot means googlebot sometime think website is inaccessible? so lower search rankings? PS Although interesting also I see many hits from the IP range they own with user agent looking like real persons mobile phone, do they test the bot with "real" user agent string? 66.249.81.243 - - [02/Aug/2015:16:35:05 +0200] "GET /index.html HTTP/1.1" 200 2118 "-" "Mozilla/5.0 (Linux; Android 4.1.2; LT26i Build/6.2.B.1.96) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.93 Mobile Safari/537.36" (yes, i also see googlebot-mobile requests so why do they have things that look like this, no indication of robot, do they have real people on the same range? is that why i see the apache-overflow jail triggered? by some real person who got access to google IP range? btw, whois says this range is they own 66.249.64.0/19 ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
