On 06:59, Norman Khine wrote:
i get these in my
# tail -f /var/log/apache2/error_log
[Tue Aug 17 15:13:00 2010] [notice] Apache/2.2.15 (Unix)
mod_ssl/2.2.15 OpenSSL/0.9.8o configured -- resuming normal operations
[Tue Aug 17 15:14:56 2010] [error] [client 188.165.201.59] File does
not exist: /var/www/localhost/htdocs/test_500k.bin
[Tue Aug 17 15:14:56 2010] [error] [client 188.165.201.59] File does
not exist: /var/www/localhost/htdocs/2816eca5251644b60664d581cb953980
[Tue Aug 17 15:16:26 2010] [error] [client 89.19.18.114] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23):
/w00tw00t.at.ISC.SANS.DFind:)
[Tue Aug 17 15:17:56 2010] [error] [client 188.165.201.59] File does
not exist: /var/www/localhost/htdocs/test_500k.bin
[Tue Aug 17 15:17:56 2010] [error] [client 188.165.201.59] File does
not exist: /var/www/localhost/htdocs/2816eca5251644b60664d581cb953980
[Tue Aug 17 15:19:20 2010] [error] [client 79.233.232.211] File does
not exist: /var/www/localhost/htdocs/101f39bf5983c67258518552c0d8d50f
[Tue Aug 17 15:19:20 2010] [error] [client 79.233.232.211] File does
not exist: /var/www/localhost/htdocs/101f39bf5983c67258518552c0d8d50f
[Tue Aug 17 15:20:30 2010] [error] [client 203.127.11.214] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23):
/w00tw00t.at.ISC.SANS.test0:)
[Tue Aug 17 15:20:56 2010] [error] [client 188.165.201.59] File does
not exist: /var/www/localhost/htdocs/test_500k.bin
[Tue Aug 17 15:20:56 2010] [error] [client 188.165.201.59] File does
not exist: /var/www/localhost/htdocs/2816eca5251644b60664d581cb953980
from the IP addresses i see they originate from turkey, singapore and
from users from within ovh.com this is my host.
does this mean that my server is being probed?
thanks
Hi Norman,
Yes, the w00tw00t is a good sign of probing. It is one of many that you
will get to know (but probably not love!) if you watch your logs. They
are looking for ways to compromise your server for whatever nefarious
purposes. I suggest you implement a default name virtual host that
rejects all requests. That will at least stop those that are just
scanning IP addresses looking for responses on port 80. (No prober has
yet found my server by name, though about 60% of my total traffic is
IP-addressed probes.)
Regards,
Peter
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org