On 11/14/20 7:11 PM, Dave in Dalek Zone wrote:
Hi, I am running fail2ban on my Ubuntu 18.04 Nginx-powered server
running multiple vhosts, with Logwatch giving me a report in my mailbox
every morning.
In the Fail2Ban section of the report, I'm frequently getting the
snippet below.
A total of 1 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
null HTTP Response 200
Then in the HTTPD section of the report, I'm seeing output such as below
(this is just a small snippet of a day's report):
Requests with error response codes
400 Bad Request
/: 14 Time(s)
null: 8 Time(s)
/0bef: 6 Time(s)
Question 1: has anyone seen this before, and do I have a serious
problem? I'm not noticing anything amiss in my server's operation...
Question 2: I have been trying to locate the exact log lines in
/var/log/nginx/access.log and /var/log/nginx/error.log by manually
tailing my logs and by using grep to search. But so far I have failed.
Can anyone advise me of a way to locate these lines effectively?
Any other useful advice would be much appreciated.
---
With all best wishes,
Dave
Hello,
Excuse me, but your problem, your concern, is not related to
Fail2Ban but to the tool Logwatch, right?
If I'm right, then the best place to discuss your concerns is here:
https://sourceforge.net/p/logwatch/discussion/
https://sourceforge.net/p/logwatch/discussion/1115929
--
Kind regards,
📜 GnuPG Fingerprint: 5003 03E8 CA50 1878 06D9 3AEA FC25 8330 FE34 8E41
🖊️ Use plain text => https://useplaintext.email/
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
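Added example, not part of the original thread: one way to approach Question 2 above is to parse the access log instead of grepping for the literal word "null", which may never appear in the log itself. It assumes nginx's default "combined" log format and, as an assumption about how the report derives its URL column, treats any request line without a second token as "null"; `report_url`, `find_lines` and the sample lines are constructed for illustration.

```python
import re
import sys

# nginx "combined" format: addr - user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>.*?)" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses), not taken from a real server.
SAMPLE = [
    '203.0.113.7 - - [14/Nov/2020:03:12:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    r'198.51.100.23 - - [14/Nov/2020:03:15:44 +0000] "\x16\x03\x01\x02\x00" 400 157 "-" "-"',
    '198.51.100.23 - - [14/Nov/2020:03:15:45 +0000] "-" 400 0 "-" "-"',
    '192.0.2.50 - - [14/Nov/2020:04:02:10 +0000] "GET /0bef HTTP/1.1" 400 157 "-" "-"',
    '192.0.2.50 - - [14/Nov/2020:04:02:11 +0000] "-" 200 0 "-" "-"',
]


def report_url(request):
    """URL as the report would list it. Assumption: a request line with no
    second token (empty, "-", or binary data) is what shows up as "null"."""
    parts = request.split()
    return parts[1] if len(parts) >= 2 else "null"


def find_lines(lines, url, status):
    """Return (line_number, client_address, raw_line) for matching entries."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if m and int(m["status"]) == status and report_url(m["request"]) == url:
            hits.append((number, m["addr"], line.rstrip("\n")))
    return hits


if __name__ == "__main__":
    # Usage: script.py [logfile [url [status]]]; defaults to the sample data.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    url = sys.argv[2] if len(sys.argv) > 2 else "null"
    status = int(sys.argv[3]) if len(sys.argv) > 3 else 400
    for number, addr, raw in find_lines(source, url, status):
        print(f"{number}: {raw}")
```

Logwatch reports on the previous day by default, so the matching entries may be in a rotated file such as access.log.1 rather than in /var/log/nginx/access.log.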