My server has somehow found its self on the end of some strange behaviour originating from the Pushdo botnet as described here: http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100129 The infected hosts basically connect to the HTTPS port, send some garbage and then disconnect without the SSL negotiation even being completed. My error log is full of stuff like this: [Mon Feb 01 18:19:37 2010] [error] unusably short session_id provided (1 bytes)Apache doesn't seem to log the IP address when this happens ... Is there any way of making it log that information somewhere?
-- Mike Cardwell : UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/ Spamalyser : Spam Tool - http://spamalyser.com/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|