Apache doesn't log failed SSL negotiation IPs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



My server has somehow found its self on the end of some strange
behaviour originating from the Pushdo botnet as described here:

http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100129

The infected hosts basically connect to the HTTPS port, send some
garbage and then disconnect without the SSL negotiation even being
completed. My error log is full of stuff like this:

[Mon Feb 01 18:19:37 2010] [error] unusably short session_id provided (1
bytes)

Apache doesn't seem to log the IP address when this happens ... Is there any way of making it log that information somewhere?

--
Mike Cardwell    : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/       #06920226
Technical Blog   : Tech Blog  - https://secure.grepular.com/
Spamalyser       : Spam Tool  - http://spamalyser.com/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux