The fail2ban wiki at Wikipedia has a bit more info too: http://en.wikipedia.org/wiki/Fail2ban
From: nlug-talk@googlegroups.com [mailto:nlug-t...@googlegroups.com] On Behalf Of Mark J. Bailey Sent: Friday, May 07, 2010 2:01 PM To: nlug-talk@googlegroups.com Subject: RE: [nlug] Anyone know what these httpd log messages might mean? I don't know about this particular type of request, but fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page) does some apache log scanning and will block IPs under certain criteria to limit attempts like this. I don't use it here but a customer in east Tennessee does and has been pleased with it. I have been considering it myself but just have not had time yet to really dig on it. From: nlug-talk@googlegroups.com [mailto:nlug-t...@googlegroups.com] On Behalf Of Chris McQuistion Sent: Friday, May 07, 2010 1:31 PM To: nlug-talk Subject: [nlug] Anyone know what these httpd log messages might mean? I been getting the following messages in my Logwatch emails for a few weeks, now. These started after I took this RHEL 4 server and did a physical to virtual migration over to VMware. I then upgraded it to CentOS 4, since the RHEL subscription ran out. This server primarily runs as a web server, using Coldfusion to tap into an Oracle database to display data on the web pages. The system seems to be working. I just get a VERY long Logwatch email every day with these errors. I'm including just a short bit, below. >From what I've been able to discern, these "200" responses may just be "OK messages" to indicate that responses were received. If things are OK, then why is it included in Logwatch (which usually just alerts you when something has gone wrong?) Chris --------------------- httpd Begin ------------------------ A total of 156 unidentified 'other' records logged GET /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5EZ%28%2DN%2 BP%20%20%0A HTTP/1.1 with response code(s) 200 1 responses GET /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5EYH1G%290%2 0%20%0A HTTP/1.1 with response code(s) 200 2 responses GET /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5E%5B%28%29N %28P%20%20%0A HTTP/1.1 with response code(s) 200 3 responses POST /empower/fusebox.cfm?fuseaction=ECSSRG90 HTTP/1.1 with response code(s) 200 1 responses GET /empower/logout.cfm HTTP/1.1 with response code(s) 200 7 responses GET /empower/fusebox.cfm?fuseaction=WEBCOQ03&last_page= HTTP/1.1 with response code(s) 200 4 responses GET /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5B%5B81N%28P %20%20%0A HTTP/1.1 with response code(s) 200 1 responses GET /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3FZZX%29H%2BP%2 0%20%0A HTTP/1.1 with response code(s) 200 2 responses GET /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5B%5BXIF%290 %20%20%0A HTTP/1.1 with response code(s) 200 2 responses GET /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3FZ%5B8%25G%29% 40%20%20%0A HTTP/1.1 with response code(s) 200 1 responses GET /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5FYHIM%29%40 %20%20%0A HTTP/1.1 with response code(s) 200 2 responses -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
