From: Pawel S. Veselov (Pawel.Veselov Sun.COM)
Date: Sun Apr 01 2007 - 16:54:05 CDT
Hello,
Nick ! wrote:
> On 4/1/07, Sean Malloy <spinelli85 gmail.com> wrote:
>> I just installed OpenBSD on my server in early March 2007. I am
>> running an Apache web server out of my house. I am tracking 4.0 STABLE
>> which I updated the day after the latest security advisory. I recently
>> noticed some peculiar entries in my Apache error and access logs.
>>
>> From /var/www/logs/error_log:
>>
>> [Sat Mar 31 07:35:07 2007] [error] [client 211.100.33.61] File does
>> not exist: /htdocs/Provy_OK.html
[ skipped ]
>> I have not noticed any weirdness in any other log files. What can I
>> do to stop this from happening? Thanks in advance.
>
> You fundamentally can't stop it, based on the HTTP model. You could
> throw in some hacks like searching for suspiciousness like this and
> adding blocks to those addresses, but that's generally a bad idea
> because of all the endusers on DHCP.
> Just ignore it. So long as your system is actually secure you have
> nothing to worry about (except DDoS but there's no way to prevent that
> either).
>
> -Nick
>
I used to have my logs scanned for these entries, and report them to
the authorities responsible for source IP addresses. Most of them would
go to SBC or Comcast, but some would go to small networks who do like
knowing that their systems are infected or are used for hacking.
-- Pawel.
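
Added example, not part of the original message or any poster's own tooling: a sketch of the kind of log scan described in the reply above, grouping "File does not exist" entries from error_log by client address so they can be summarized for the network's abuse contact. The function names, the `min_paths` threshold and all sample lines except the first (which is the entry quoted in the thread) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the error_log line format quoted in the thread (one entry per line).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"File does not exist: (?P<path>.+)$"
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"

# Constructed sample input; only the first line's values come from the thread.
SAMPLE_LOG = """\
[Sat Mar 31 07:35:07 2007] [error] [client 211.100.33.61] File does not exist: /htdocs/Provy_OK.html
[Sat Mar 31 07:35:09 2007] [error] [client 211.100.33.61] File does not exist: /htdocs/example_a.html
[Sat Mar 31 08:10:44 2007] [error] [client 192.0.2.10] File does not exist: /htdocs/favicon.ico
[Sat Mar 31 08:11:02 2007] [notice] caught SIGTERM, shutting down
[Sat Mar 31 09:02:13 2007] [error] [client 211.100.33.61] File does not exist: /htdocs/example_b.html
"""

def scan(lines, min_paths=3):
    """Group missing-file errors by client; keep clients with >= min_paths distinct paths."""
    seen = defaultdict(lambda: {"paths": set(), "times": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # notices, other error types, malformed lines
        try:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            continue  # unparseable timestamp: skip rather than guess
        seen[m["ip"]]["paths"].add(m["path"])
        seen[m["ip"]]["times"].append(ts)
    return {
        ip: {"first": min(rec["times"]), "last": max(rec["times"]),
             "hits": len(rec["times"]), "paths": sorted(rec["paths"])}
        for ip, rec in seen.items() if len(rec["paths"]) >= min_paths
    }

def format_report(report):
    """Render one block per source address, with the time window an abuse desk needs."""
    out = []
    for ip, r in sorted(report.items()):
        out.append(f"{ip}: {r['hits']} requests, {r['first']} to {r['last']} (server local time)")
        out.extend(f"  {p}" for p in r["paths"])
    return "\n".join(out)

if __name__ == "__main__":
    print(format_report(scan(SAMPLE_LOG.splitlines())))
```

The threshold keeps a single missing favicon or mistyped URL out of the report; the output is meant for reporting, not for automatic blocking, given the DHCP concern raised earlier in the thread.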