Hello,
Nick ! wrote:
On 4/1/07, Sean Malloy <[EMAIL PROTECTED]> wrote:
I just installed OpenBSD on my server in early March 2007. I am
running an Apache web server out of my house. I am tracking 4.0 STABLE
which I updated the day after the latest security advisory. I recently
noticed some peculiar entries in my Apache error and access logs.
u
From /var/www/logs/error_log:
[Sat Mar 31 07:35:07 2007] [error] [client 211.100.33.61] File does
not exist: /htdocs/Provy_OK.html
[ skipped ]
I have not noticed any weirdness in any other logs files. What can I
do to stop this from happening? Thanks in advance.
You fundamentally can't stop it, based on the HTTP model. You could
throw in some hacks like searching for suspiciousness like this and
adding blocks to those addresses, but that's generally a bad idea
because of all the endusers on DHCP.
Just ignore it. So long as your system is actually secure you have
nothing to worry about (except DDoS but there's no way to prevent that
either).
-Nick
I used to have my logs scanned for these entries, and report them to
the authorities responsible for source IP addresses. Most of them would
go to SBC or Comcast, but some would go to small networks who do like
knowing that their systems are infected or are used for hacking.
-- Pawel.
