That's a good point about fail2ban. We actually use that on one of our other servers. I've asked Curt to look into installing it on this server, as well. It might not fix this issue, but it certainly wouldn't be a bad idea to run on this web server.
Chris On Fri, May 7, 2010 at 2:01 PM, Mark J. Bailey <m...@jobsoft.com> wrote: > I don’t know about this particular type of request, but fail2ban ( > http://www.fail2ban.org/wiki/index.php/Main_Page) does some apache log > scanning and will block IPs under certain criteria to limit attempts like > this. I don’t use it here but a customer in east Tennessee does and has > been pleased with it. I have been considering it myself but just have not > had time yet to really dig on it. > > > > *From:* nlug-talk@googlegroups.com [mailto:nlug-t...@googlegroups.com] *On > Behalf Of *Chris McQuistion > *Sent:* Friday, May 07, 2010 1:31 PM > *To:* nlug-talk > *Subject:* [nlug] Anyone know what these httpd log messages might mean? > > > > I been getting the following messages in my Logwatch emails for a few > weeks, now. > > > > These started after I took this RHEL 4 server and did a physical to virtual > migration over to VMware. I then upgraded it to CentOS 4, since the RHEL > subscription ran out. > > > > This server primarily runs as a web server, using Coldfusion to tap into an > Oracle database to display data on the web pages. The system seems to be > working. I just get a VERY long Logwatch email every day with these errors. > I'm including just a short bit, below. > > > > From what I've been able to discern, these "200" responses may just be "OK > messages" to indicate that responses were received. If things are OK, then > why is it included in Logwatch (which usually just alerts you when something > has gone wrong?) > > > Chris > > > > > > --------------------- httpd Begin ------------------------ > > > A total of 156 unidentified 'other' records logged > GET > /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5EZ%28%2DN%2BP%20%20%0A > HTTP/1.1 with response code(s) 200 1 responses > GET > /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5EYH1G%290%20%20%0A > HTTP/1.1 with response code(s) 200 2 responses > GET > /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5E%5B%28%29N%28P%20%20%0A > HTTP/1.1 with response code(s) 200 3 responses > POST /empower/fusebox.cfm?fuseaction=ECSSRG90 HTTP/1.1 with response > code(s) 200 1 responses > GET /empower/logout.cfm HTTP/1.1 with response code(s) 200 7 responses > GET /empower/fusebox.cfm?fuseaction=WEBCOQ03&last_page= HTTP/1.1 with > response code(s) 200 4 responses > GET > /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5B%5B81N%28P%20%20%0A > HTTP/1.1 with response code(s) 200 1 responses > GET > /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3FZZX%29H%2BP%20%20%0A > HTTP/1.1 with response code(s) 200 2 responses > GET > /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5B%5BXIF%290%20%20%0A > HTTP/1.1 with response code(s) 200 2 responses > GET > /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3FZ%5B8%25G%29%40%20%20%0A > HTTP/1.1 with response code(s) 200 1 responses > GET > /empower/fusebox.cfm?fuseaction=WEBSRQ02Image&id=%27%28%20%3F%5FYHIM%29%40%20%20%0A > HTTP/1.1 with response code(s) 200 2 responses > > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to nlug-talk@googlegroups.com > To unsubscribe from this group, send email to > nlug-talk+unsubscr...@googlegroups.com<nlug-talk%2bunsubscr...@googlegroups.com> > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to nlug-talk@googlegroups.com > To unsubscribe from this group, send email to > nlug-talk+unsubscr...@googlegroups.com<nlug-talk%2bunsubscr...@googlegroups.com> > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
