On 11/01/2011 10:06 PM, Alex wrote: [snip] > 222.186.24.108 - - [01/Nov/2011:16:56:46 -0400] "POST /index.php > HTTP/1.1" 404 7169 "http://www.example.com/index.php"; "Mozilla/5.0 > (Windows NT 6.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2" 85912 7610 Don't know if it's an exploit. They are probably scanning web hosts for certain behavior/software. The originating IP is from China Telecom. I see a lot of probing and hacking attempts coming from that region. Quick and dirty solution if the website(s) on that server do not serve the Asian market: just block the offending IP ranges in your firewall and be done with it. Harsh but effective. You can find the IP ranges at ipdeny.com. Alternatively you could install something like fail2ban and make it detect these attempts in Apache logs and block the originating IP. Regards, Patrick -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
