In the Fail2Ban section of the report, I'm frequently getting the snippet below.

    A total of 1 possible successful probes were detected (the following URLs
    contain strings that match one or more of a listing of strings that
    indicate a possible exploit):
    null HTTP Response 200

Then in the HTTPD section of the report, I'm seeing output such as below
(this is just a small snippet of a day's report):

    Requests with error response codes
    400 Bad Request
    /: 14 Time(s)
    null: 8 Time(s)
    /0bef: 6 Time(s)

Question 1: has anyone seen this before, and do I have a serious
problem? I'm not noticing anything amiss in my server's operation...
Question 2: I have been trying to locate the exact log lines in /var/log/nginx/access.log and /var/log/nginx/error.log by manually tailing my logs and by using grep to search. But so far I have failed. Can anyone advise me of a way to locate these lines effectively?
Any other useful advice would be much appreciated.

---
With all best wishes,
Dave
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
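
An added example, not part of the original post: one way to pull the lines behind such a report out of the access log. It assumes nginx's default "combined" log format, and it assumes the report's `null` entries stand for requests whose request line is not a well-formed `METHOD URI HTTP/x.y` triple, in which case the literal word `null` never appears in the log and a grep for it finds nothing. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in nginx "combined" format (not from the poster's server).
sample_log() {
cat <<'EOF'
203.0.113.5 - - [12/Mar/2024:06:25:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:06:25:07 +0000] "\x16\x03\x01\x00\xEE" 400 157 "-" "-"
198.51.100.7 - - [12/Mar/2024:06:26:11 +0000] "GET /0bef HTTP/1.1" 400 157 "-" "-"
198.51.100.7 - - [12/Mar/2024:06:27:30 +0000] "-" 400 0 "-" "-"
192.0.2.44 - - [12/Mar/2024:06:28:02 +0000] "" 200 612 "-" "-"
EOF
}

# Print "line-number<TAB>status<TAB>ok|malformed<TAB>request" for every entry
# that either returned 400 or has a request line that is not
# "METHOD URI HTTP/x.y". Reads the files given as arguments, or stdin.
find_odd_requests() {
    awk -F'"' '
    {
        req = $2                      # text between the first pair of quotes
        split($3, rest, " ")          # " 400 157 " -> status, bytes
        status = rest[1]
        wellformed = (req ~ /^[A-Z]+ [^ ]+ HTTP\/[0-9.]+$/)
        if (status == "400" || !wellformed)
            printf "%d\t%s\t%s\t%s\n", NR, status, (wellformed ? "ok" : "malformed"), req
    }' "$@"
}

# Tally the same entries by status and request, most frequent first,
# which gives a summary comparable to the report's "N Time(s)" counts.
tally_odd_requests() {
    find_odd_requests "$@" | cut -f2,4 | sort | uniq -c | sort -rn
}

# Demonstration on the constructed sample.
sample_log | find_odd_requests
```

On a live server the same function takes the log path as its argument, for example `find_odd_requests /var/log/nginx/access.log`; the first column is the line number to jump to in that file.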
