Hi, I'm using squirrelmail-1.4.21 on fedora20 with apache-2.4.9 and have the following in my logs: 173.13.167.230 - - [12/May/2014:21:40:53 -0400] "POST /webmail/src/redirect.php HTTP/1.1" 302 - " https://mail.mydomain.com/webmail/src/login.php"; "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.2; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 2973 2388 where mydomain.com is my server. Are these hack attempts? I came across the following on the fail2ban site here http://www.fail2ban.org/wiki/index.php/Talk:SquirrelMail: failregex = <HOST> - - \[.*\] "POST /webmail/src/redirect.php HTTP/1.[01]" 200 \d{1,5} "https?://[^/]+/webmail/src/login.php" ".*" There aren't any further comments about it there, so I was just curious if someone had some experience with this rule and whether the redirects were normal. They sure are excessive. Thanks, Alex ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
