Re: Host/hosts with different IPs visiting the same site of an apache web server every 3(+/-) minites.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

is that not what you actually want?
To have lot's of visitors to your website?
If you don't want any visitors why in the first place have a public web?

Anyhow, what you see in the log file is just several hosts surfing to your root page at your server.

"Mozilla/4.0 ...." <-- Host/Client information

"GET / HTTP/1.1" 200 2567 "-" <---- Error/information codes

"GET /" <---- Means get the root page at virtual or physical web server
"200" <------ Is the error/informational code from Apache web server
"2567" <----- Is the total page size downloaded to the host browser

And yes, with your "Reject" statement no one will be able to connect your web server from a public address.
So the lack of logging in your web server log is fully expected.

If you however suspect that you are in some serious DoS attack you could simply check up the addresses and block the source addresses at FW level!

/Micke Andersson

On Thu, 21 Aug 2003 14:29:19 +0600
Zahid Hossain <zahid@xxxxxxxx> wrote:

<snip>
> Hi,
> I'm suspecting security problem for my Apache Web Server. 
> Host/hosts with different IPs visiting the same site of an apache web server 
> every 3(+/-) minites.
> 
</snip>
<snip>
> "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
> 218.65.4.5 - - [20/Aug/2003:17:54:28 +0600] "GET / HTTP/1.1" 200 2567 "-" 
> "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
> 64.91.30.134 - - [20/Aug/2003:17:57:18 +0600] "GET / HTTP/1.1" 200 2567 "-" 
> See.. everyting is same except IP and the time. Don't you think I should 
> suspect?
> One thing I can say that it's nothing in my Server, because if I block my 
> gateway (MAC 00:20:7B:3C:A4:43) using
> iptables -A INPUT -m mac --mac-source 00:20:7B:3C:A4:43 -i eth0 -j REJECT
> 
> I get not request in my Apache server.
> 
> Anyone have any idea?
> 
> Zahid Hossain
> 
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
>          with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux