Hi all. In the past week, I reset my Apache logs and got Analog setup to run every hour. I'm noticing a very large number of page requests from Taiwan and Japan (well, maybe not VERY large, but definetly much more than I would expect). Analog also indicates that in the past week I've had 500+ unique visitors. Before I took the site down for a server rebuild, I was hovering around 700 unique visitors over a 6 month period - 500 in less than a week seems too high.
You can see the logs at http://logs.open2space.com/open2space/index.html. Now, seeing as the www.open2space.com website was effectively down for the past couple of months, I was very surprised to see 200+ page requests from external sources within the first couple of hours of the site being back up. The site has never received too many hits. I have not announced publicly that the site was up and running again yet either - though a few coworkers are aware it is. It seems the requests are primarily for the root web page. Now, to add to the plot, I changed the root directory for open2space.com via a virtual host setting. Prior to this I happened to find a "B2" folder under the web root that was empty. I don't remember creating this folder, but might have. Regardless, it's been deleted. I've also run chkrootkit on the box with nothing suspicious found. So, I'm curious to know if the traffic is legitimate, or if maybe I need to tighten down my server a little more - I'm reasonably confident it's fairly secure as is. Anyone have any thoughts? Or are there any command line tools I could use to glean more info from my logs? Thanks muchly for any feedback. Shawn _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
