Hi all, sorry to bother, but has anyone else noticed a bunch of 408
(client timed out) requests beginning last evening?
Some but not all of these have also been trying the Nimda exploit. Perhaps
Nimda (or another Micro$oft product) is screwing up the clients?
nick@world /usr/local/apachessl/bin>perl -e
'open(L,"/home/nick/logs/httpd_log"); while(<L>){
chomp;my $r=m/408/?"4":m/cmd|root|c\+di/?"w":"";
if($r){$_=~s/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*/$1/;$c{$r}{$_}++;}}
foreach(sort{ $c{4}{$a}<=>$c{4}{$b} } keys %{ $c{4} }){
print"$_\t\t[$c{4}{$_}]\t[$c{w}{$_}]\n";}'
207.249.143.170 [1] []
207.160.174.25 [1] []
62.149.161.207 [1] []
62.116.29.17 [1] []
207.113.14.149 [1] []
209.129.49.65 [1] []
207.168.157.118 [1] []
207.202.38.140 [1] []
61.134.13.47 [1] []
207.113.21.89 [1] []
24.67.119.127 [1] []
209.89.119.5 [1] []
199.201.128.19 [1] [2]
207.113.25.50 [1] []
207.42.186.90 [1] []
207.113.25.249 [2] []
207.40.42.66 [3] []
207.153.76.249 [4] []
207.241.153.3 [5] []
207.12.40.51 [6] [16]
207.183.55.149 [6] []
207.217.138.18 [6] []
207.215.53.116 [7] []
207.152.93.12 [8] []
207.152.93.17 [8] []
207.77.187.76 [8] []
207.71.8.190 [8] [384]
207.32.123.115 [9] []
207.252.220.55 [12] []
207.228.113.164 [12] []
207.242.45.234 [12] []
207.71.105.133 [13] [112]
207.30.192.101 [14] []
207.248.190.158 [15] []
207.105.76.201 [15] []
207.215.126.141 [15] []
207.232.253.221 [16] []
207.245.74.7 [16] []
206.221.254.59 [16] []
207.97.117.43 [16] []
207.208.128.185 [16] []
207.203.42.126 [16] []
207.190.221.23 [16] []
207.227.70.194 [16] []
207.127.178.25 [16] []
207.178.85.42 [16] []
207.153.199.78 [16] []
207.153.229.122 [16] []
207.236.169.100 [16] []
207.88.22.128 [16] []
207.252.1.68 [16] []
207.170.35.143 [16] []
207.212.64.137 [16] []
207.76.239.206 [16] []
207.196.218.5 [16] []
207.137.76.119 [17] []
207.71.228.1 [91] [274]
~~~~~~~~~~~
Nick Tonkin
