That will be someone probing the site and/or a bot. A simple way would be to add CrowdSec to the server, and that will help protect it.
https://www.crowdsec.net/

On 25 Aug 2022, at 17:17, John Iliffe <john.ili...@iliffe.ca> wrote:

For the last week we have been getting hit on average about every 3 seconds by a machine that appears to be in Panama. There should be no reason why this machine would want to connect to us.

193.29.60.97 - - [25/Aug/2022:12:12:04 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:05 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:06 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:07 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:08 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:10 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:11 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:24 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:26 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36"
193.29.60.97 - - [25/Aug/2022:12:12:33 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36"

While it doesn't appear to be causing us any harm I am wondering why someone would spend the time/money to do so and if there is any way to lock out this one source.

Does anyone have any suggestions?

Thanks in advance,

John
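One way to confirm the pattern described in the quoted message before locking out a source, as an added example that is not part of the original thread: it parses combined-format access log lines and flags any client that requests the same path at least `threshold` times within `window_s` seconds. The function names, thresholds and sample lines (built from the timestamps in the post, with a shortened user agent and a second client in the documentation range 198.51.100.0/24) are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" \d{3} ')

def parse(line):
    """Return (ip, path, time) for one log line, or None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m["ip"], m["path"], ts

def repeat_hitters(lines, window_s=10, threshold=5):
    """Map (ip, path) -> peak request count, for pairs reaching threshold in window_s."""
    recent, flagged = defaultdict(deque), {}
    for rec in filter(None, map(parse, lines)):
        ip, path, ts = rec
        q = recent[(ip, path)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:  # drop hits older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[(ip, path)] = max(flagged.get((ip, path), 0), len(q))
    return flagged

# Constructed sample: the post's client and timestamps, a shortened user agent,
# one ordinary visitor from a documentation address, and one malformed line.
UA = '"-" "Mozilla/5.0 (constructed sample agent)"'
SAMPLE = [
    f'193.29.60.97 - - [25/Aug/2022:12:12:{s:02d} -0400] "GET /favicon.ico HTTP/1.1" 200 3262 {UA}'
    for s in (4, 5, 6, 7, 8, 10, 11, 24, 26, 33)
] + [
    f'198.51.100.7 - - [25/Aug/2022:12:12:05 -0400] "GET /index.html HTTP/1.1" 200 5120 {UA}',
    f'198.51.100.7 - - [25/Aug/2022:12:12:06 -0400] "GET /favicon.ico HTTP/1.1" 200 3262 {UA}',
    "truncated line without a request field",
]

if __name__ == "__main__":
    for (ip, path), n in repeat_hitters(SAMPLE).items():
        print(f"{ip} requested {path} up to {n} times within 10 s")
```

On Apache 2.4, an address flagged this way can be refused with `Require not ip <address>` alongside `Require all granted` inside a `<RequireAll>` block.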