error_log for krishna

From: durga prasad - datasoft (datasoftvsp@sify.com)
Date: 03/15/02


From: "durga prasad - datasoft" <datasoftvsp@sify.com>
To: <security-basics@security-focus.com>
Date: Fri, 15 Mar 2002 18:38:27 +0530

try ipchains -A input -p tcp -s <his address> tcp -s <your IP> -j DENY
that will deny access to your server from that IP till next reboot.
hosts.deny does not stop access of (webserver)
if yu have probs from multiple addresses let me know on the list.
regards
durga prasad

----- Original Message -----
From: "Krishna" <Krishna_shekhar@softhome.net>
To: <security-basics@securityfocus.com>
Sent: Wednesday, March 13, 2002 7:07 PM
Subject: Huge size of error_log of httpd !!!Please help Urgent

| Wednesday, March 13, 2002 6:57:32 PM
| Hi,
| The error_log of httpd is going huge in size.The logs show that
| someone is trying to execute files on the server and it continues
| to modify its search.This is the log
| [Sun Mar 10 06:05:39 2002] [error] [client 210.254.142.39] File does not
exist: /home/httpd/html/cgi/
| [Sun Mar 10 06:10:51 2002] [error] [client 210.254.142.39] File does not
exist: /home/httpd/html/admin-serv/config/admpw
| [Sun Mar 10 06:12:39 2002] [error] [client 210.254.142.39] File does not
exist: /home/httpd/html/publisher
| [Sun Mar 10 06:31:27 2002] [error] [client 210.254.142.39] File does not
exist: /home/httpd/html/whois_raw.cgi
|
| Is there any way to stop this happening.I put the hosts ipaddress in
| the hosts.deny.But maybe he does ipspoofing and tries again with a
| different IP address.
| Please help as the logs are growing bigger and reducing our bandwidth.
| I am using RedHat6.0
|
| --
| regards,
| Krishna mailto:Krishna_shekhar@softhome.net
|
| Krishna Shekhar
| Network Administrator
| Wiplash.com
|
| __ | / /___ _/__ __ \__ /___ |_ ___/__ / / /
| __ | /| / / __ / __ /_/ /_ / __ /| |____ \__ /_/ /
| __ |/ |/ / __/ / _ ____/_ /___ ___ |___/ /_ __ /
| ____/|__/ /___/ /_/ /_____/_/ |_/____/ /_/ /_/
|
|
| http://wiplash2000.com
|



Relevant Pages

  • RE: Exchange Server
    ... I researched your logs and found the MSExchangeTransport events 4006, 969, ... Right click Default SMTP Virtual Server and select Properties. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: isa 2004 & external website access issue
    ... emailed the logs to you as requested. ... each web server has its own public IP ... > headers in ISA Server ... > 'Microsoft Firewall' service. ...
    (microsoft.public.windows.server.sbs)
  • RE: OWA 2003 with ISA 2004
    ... OWA externally. ... i can login by any user. ... 825763 How to configure Internet access in Windows Small Business Server ... g. Reproduce this issue and send the logs to me. ...
    (microsoft.public.windows.server.sbs)
  • RE: OWA 2003 with ISA 2004
    ... I understand that you can not login OWA from ... 825763 How to configure Internet access in Windows Small Business Server ... g. Reproduce this issue and send the logs to me. ... and then right click 'Microsoft Firewall' to ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN, RRAS & DHCP
    ... After researching your logs, I found the Event ID 20169 ... Please try to set RemoteAccess service to depend on the DHCP server ... Reboot the server to see whether the issue still occurs. ... The problem occurred after you install ISA server. ...
    (microsoft.public.windows.server.sbs)