
Re: fail2ban for apache2



On Mon, Nov 11, 2019 at 12:18:17PM -0500, Gene Heskett wrote:
> Only one log file seems to have useful data, the "other..." file, and I 
> have posted several single lines here, but here's a  few more:
> 
> coyote.coyote.den:80 40.94.105.9 - - 
> [11/Nov/2019:12:08:53 -0500] "GET /gene/ HTTP/1.1" 200 
> 5141 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
> (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
> coyote.coyote.den:80 40.94.105.9 - - 
> [11/Nov/2019:12:08:53 -0500] "GET /gene/pix/EasterSundayCropped2004-1.jpg 
> HTTP/1.1" 200 194478 "http://geneslinuxbox.net:6309/gene/" "Mozilla/5.0 
> (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 
> Chrome/57.0.2987.133 Safari/537.36"
> coyote.coyote.den:80 40.94.105.9 - - 
> [11/Nov/2019:12:08:56 -0500] "GET /favicon.ico HTTP/1.1" 200 
> 1705 "http://geneslinuxbox.net:6309/gene/" "Mozilla/5.0 (Windows NT 
> 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 
> Chrome/57.0.2987.133 Safari/537.36"
> coyote.coyote.den:80 203.133.169.54 - - 
> [11/Nov/2019:12:10:52 -0500] "GET /robots.txt HTTP/1.1" 200 
> 1092 "-" "Mozilla/5.0 (compatible; Daum/4.1; 
> +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> coyote.coyote.den:80 203.133.169.54 - - 
> [11/Nov/2019:12:10:53 -0500] "GET /gene/nitros9/level1/d64/modules/sysgo_h0 
> HTTP/1.1" 200 706 "-" "Mozilla/5.0 (compatible; Daum/4.1; 
> +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> coyote.coyote.den:80 203.133.169.54 - - 
> [11/Nov/2019:12:10:58 -0500] "GET /gene/nitros9/level1/coco2b/NOS9_6809_L1_coco2b_cocosdc.dsk 
> HTTP/1.1" 200 4718822 "-" "Mozilla/5.0 (compatible; Daum/4.1; 
> +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> coyote.coyote.den:80 203.133.169.54 - - 
> [11/Nov/2019:12:11:21 -0500] "GET /gene/nitros9/level1/coco2_6309/NOS9_6309_L1_coco2_6309_dw_directmodempak.dsk 
> HTTP/1.1" 200 554724 "-" "Mozilla/5.0 (compatible; Daum/4.1; 
> +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> coyote.coyote.den:80 203.133.169.54 - - 
> [11/Nov/2019:12:11:29 -0500] "GET /gene/nitros9/level1/dalpha/modules/defsfile 
> HTTP/1.1" 200 248 "-" "Mozilla/5.0 (compatible; Daum/4.1; 
> +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> coyote.coyote.den:80 203.133.169.54 - - 
> [11/Nov/2019:12:11:34 -0500] "GET /gene/nitros9/level1/atari/modules/n1_scdwv.dd 
> HTTP/1.1" 200 280 "-" "Mozilla/5.0 (compatible; Daum/4.1; 
> +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> coyote.coyote.den:80 203.133.169.54 - - 
> [11/Nov/2019:12:11:39 -0500] "GET /gene/nitros9/level1/coco1_6309/bootfiles/bootfile_covga_cocosdc 
> HTTP/1.1" 200 16133 "-" "Mozilla/5.0 (compatible; Daum/4.1; 
> +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> 
> I did ask earlier if daum was a bot but no one answered.  They are 
> becoming a mite pesky.

Well, maybe nobody knows.

I went to daum.net in a web browser, and it looks like it's in an Asian
language.  It also looks like it's selling a bunch of stuff (at least,
it's laid out the way a retailer's web page is typically laid out).

I also went to the URL in your log
<http://cs.daum.net/faq/15/4118.html?faqId=28966>.  Again, it's in a
language that I can't read, but it's talking about robots.txt and shows
an example of how to block them.

So, yes, it's a bot.

Did you not try either of these steps yourself?
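
Added example, not part of the original message: a small parser for the Apache vhost_combined lines quoted above. It groups requests by client, pulls the crawler name and info URL out of a self-identifying User-Agent, and notes whether the client fetched /robots.txt. The sample lines are three of the quoted entries re-joined onto single lines; the function and variable names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Apache "vhost_combined" layout, as in the quoted log lines:
# vhost:port client ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Self-identifying crawlers conventionally send "(compatible; Name/version; +info-URL)".
BOT_RE = re.compile(r'\(compatible;\s*(?P<name>[^;/\s]+)[^;)]*;\s*\+(?P<url>[^\s)]+)\)')

# Constructed sample: three entries from the quoted log, each on one line.
HOST = "coyote.coyote.den:80"
CHROME = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36")
DAUM = "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
SAMPLE = [
    f'{HOST} 40.94.105.9 - - [11/Nov/2019:12:08:53 -0500] '
    f'"GET /gene/ HTTP/1.1" 200 5141 "-" "{CHROME}"',
    f'{HOST} 203.133.169.54 - - [11/Nov/2019:12:10:52 -0500] '
    f'"GET /robots.txt HTTP/1.1" 200 1092 "-" "{DAUM}"',
    f'{HOST} 203.133.169.54 - - [11/Nov/2019:12:10:53 -0500] '
    f'"GET /gene/nitros9/level1/d64/modules/sysgo_h0 HTTP/1.1" 200 706 "-" "{DAUM}"',
]

def summarize(lines):
    """Per client IP: request count, declared crawler (if any), robots.txt fetch."""
    clients = defaultdict(
        lambda: {"requests": 0, "bot": None, "info_url": None, "robots_txt": False})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a vhost_combined entry; skip rather than guess
        entry = clients[m["ip"]]
        entry["requests"] += 1
        if m["path"].split("?", 1)[0] == "/robots.txt":
            entry["robots_txt"] = True
        bot = BOT_RE.search(m["agent"])
        if bot:
            entry["bot"], entry["info_url"] = bot["name"], bot["url"]
    return dict(clients)

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

A client that names itself in the User-Agent and requests /robots.txt, as 203.133.169.54 does in the sample, is a candidate for a robots.txt rule before reaching for a fail2ban filter.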

