[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: reviewing httpd access log

To: misc@openbsd.org
Subject: Re: reviewing httpd access log
From: J Moore <jaymo@cullmail.com>
Date: Mon, 2 Aug 2004 19:51:15 -0500
Content-Disposition: inline
References: <20040801174234.GA76@kingcull.cullmail.com> <87oelu12hg.fsf@tratt.blahonga.org>
User-Agent: Mutt/1.5.6i

On Mon, Aug 02, 2004 at 08:24:43AM +0200, the unit calling itself Artur Grabowski wrote:
> 
> > Reviewing my /var/www/logs/access_log file it seems there are a lot of 
> > "bogus" entries; i.e. people trying various hacks, looking for 
> > weaknesses, testing for win32, etc, etc.
> > 
> > Is there a good technique for automatically identifying these 
> > trouble-makers? I'd like to be able to build a "deny" table for pf to 
> > halt repeat offendors, but I can't afford the time to review the logs 
> > "manually".
> 
> What problem are you trying to solve?
 
I can't run chrooted httpd; I have some cgi scripts that are probably 
not "bullet-proof". I want to avoid a compromise.

Jay

References:
- reviewing httpd access log
  - From: J Moore <jaymo@cullmail.com>
- Re: reviewing httpd access log
  - From: Artur Grabowski <art@blahonga.org>

Prev by Date: Re: reviewing httpd access log
Next by Date: isakmpd with x509 certificates and sub ca?
Prev by thread: Re: reviewing httpd access log
Next by thread: Re: reviewing httpd access log
Index(es):
- Date
- Thread