My server has somehow found its self on the end of some strange
behaviour originating from the Pushdo botnet as described here:
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100129
The infected hosts basically connect to the HTTPS port, send some
garbage and then disconnect without the SSL negotiation even being
completed. My error log is full of stuff like this:
[Mon Feb 01 18:19:37 2010] [error] unusably short session_id provided (1
bytes)
Apache doesn't seem to log the IP address when this happens ... Is there
any way of making it log that information somewhere?
--
Mike Cardwell : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/
Spamalyser : Spam Tool - http://spamalyser.com/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
