Re: [nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread Chris McQuistion
Fortunately, we didn't have any flooding. The water came up pretty high and our parking lots were flooded, but the main building and residence halls are fine. Chris On Fri, May 7, 2010 at 3:13 PM, Mark J. Bailey wrote: > It is mind numbing to scan logs like httpd logs and see the crap your we

RE: [nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread Mark J. Bailey
It is mind numbing to scan logs like httpd logs and see the crap your web server is hammered with constantly. I have been meaning to do some traffic analysis on all httpd traffic to mine to get an idea of how much bandwidth (not to mention CPU resources) is being taken up by this garbage. This ha

Re: [nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread Chris McQuistion
That's a good point about fail2ban. We actually use that on one of our other servers. I've asked Curt to look into installing it on this server, as well. It might not fix this issue, but it certainly wouldn't be a bad idea to run on this web server. Chris On Fri, May 7, 2010 at 2:01 PM, Mark J

RE: [nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread Mark J. Bailey
If only it were possible (and not to mention legal) to send back ACKs that would actually detonate! :-) -Original Message- From: nlug-talk@googlegroups.com [mailto:nlug-t...@googlegroups.com] On Behalf Of Michael Chaney Sent: Friday, May 07, 2010 2:31 PM To: nlug-talk@googlegroups.com Sub

Re: [nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread Michael Chaney
>  GET > /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5FYHIM%29%40%20%20%0A > HTTP/1.1 with response code(s) 200 2 responses It's an automated hack utilizing a buffer overflow or something. Unless you have something installed that responds to WEBSRQ02Image (probably some sort of p

Re: [nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread Tim Sheets
Response code 200 is a success message as you suggest. Not certain why it is being logged by logwatch, but, you should be in good shape. On Fri, May 7, 2010 at 1:31 PM, Chris McQuistion wrote: > I been getting the following messages in my Logwatch emails for a few > weeks, now. > > These started

RE: [nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread Mark J. Bailey
The fail2ban wiki at Wikipedia has a bit more info too: http://en.wikipedia.org/wiki/Fail2ban From: nlug-talk@googlegroups.com [mailto:nlug-t...@googlegroups.com] On Behalf Of Mark J. Bailey Sent: Friday, May 07, 2010 2:01 PM To: nlug-talk@googlegroups.com Subject: RE: [nlug] Anyone know what t

RE: [nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread Mark J. Bailey
I don't know about this particular type of request, but fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page) does some apache log scanning and will block IPs under certain criteria to limit attempts like this. I don't use it here but a customer in east Tennessee does and has been pleased wi

RE: [nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread Mark J. Bailey
Not sure Chris, but, someone may have somehow detected (or guessed blindly) that you have ColdFusion and is just hitting you with random things trying to incur a buffer overflow or the like to penetrate the system. I see similar crap like this in my httpd log and I don't do anything fancy but apac

Re: [nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread andrew mcelroy
On Fri, May 7, 2010 at 1:31 PM, Chris McQuistion wrote: > I been getting the following messages in my Logwatch emails for a few weeks, > now. > These started after I took this RHEL 4 server and did a physical to virtual > migration over to VMware.  I then upgraded it to CentOS 4, since the RHEL >

[nlug] Anyone know what these httpd log messages might mean?

2010-05-07 Thread Chris McQuistion
I been getting the following messages in my Logwatch emails for a few weeks, now. These started after I took this RHEL 4 server and did a physical to virtual migration over to VMware. I then upgraded it to CentOS 4, since the RHEL subscription ran out. This server primarily runs as a web server,

Re: [nlug] OT: help

2010-05-07 Thread Chris McQuistion
I've got an LSI U160 SCSI card (long, 64 bit PCI) and a cable and a couple 36 GB 15K Seagate drives, if you want them. They've been sitting in storage for years. Chris On Fri, May 7, 2010 at 11:47 AM, Chris Faulkner wrote: > Anyone have a Ultra 320 68 pin card and cable you're not using I can >

[nlug] OT: help

2010-05-07 Thread Chris Faulkner
Anyone have a Ultra 320 68 pin card and cable you're not using I can borrow for a little while? Or buy it off of you?