Re: swamp rat bots Q

To: debian-user@lists.debian.org
Subject: Re: swamp rat bots Q
From: Andy Smith <andy@strugglers.net>
Date: Fri, 4 Dec 2020 06:03:34 +0000
Message-id: <[🔎] 20201204060334.GB7548@bitfolk.com>
In-reply-to: <[🔎] 202012040003.57042.gheskett@shentel.net>
References: <[🔎] 202012030735.27875.gheskett@shentel.net> <[🔎] 20201204021335.GY7548@bitfolk.com> <[🔎] 202012040003.57042.gheskett@shentel.net>

Hello,

On Fri, Dec 04, 2020 at 12:03:57AM -0500, Gene Heskett wrote:
> what file do I edit to add todays
> /var/log/httpd/other_vhosts_access.log to its list of logs to
> watch.  That's the log file with the real data in it today.  And
> does it need enabled in another, different file.

Again we have been down this avenue before, but I will try one last
time.

It seems quite likely that the bot you have a problem with has the
same user agent string, or a very small variation on the same
string. If so then you can block it just with Apache.

So, can you show us a few lines of logs from your
/var/log/httpd/other_vhosts_access.log of the accesses from the
offending bot(s)?

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

Follow-Ups:
- Re: swamp rat bots Q
  - From: john doe <johndoe65534@mail.com>
- Re: swamp rat bots Q
  - From: Gene Heskett <gheskett@shentel.net>

References:
- swamp rat bots Q
  - From: Gene Heskett <gheskett@shentel.net>
- Re: swamp rat bots Q
  - From: Andy Smith <andy@strugglers.net>
- Re: swamp rat bots Q
  - From: Gene Heskett <gheskett@shentel.net>

Prev by Date: Re: i386 debian to 64bit intel
Next by Date: Re: swamp rat bots Q
Previous by thread: Re: swamp rat bots Q
Next by thread: Re: swamp rat bots Q
Index(es):
- Date
- Thread