Re: swamp rat bots Q

On 12/4/2020 7:03 AM, Andy Smith wrote:

On Fri, Dec 04, 2020 at 12:03:57AM -0500, Gene Heskett wrote:
what file do I edit to add today's
/var/log/httpd/other_vhosts_access.log to its list of logs to
watch.  That's the log file with the real data in it today.  And
does it need enabled in another, different file.

Again we have been down this avenue before, but I will try one last

It seems quite likely that the bot you have a problem with has the
same user agent string, or a very small variation on the same
string. If so then you can block it just with Apache.

So, can you show us a few lines of logs from your
/var/log/httpd/other_vhosts_access.log of the accesses from the
offending bot(s)?

That is, increase your log verbosity (1) and give us part of the
relevant lines.

Also, if fail2ban is not working, turn it off, along with the other stuff
that you have put in place to block those attacks, so we have something
clean to work with; Apache is your first line of defence here.

1)  https://httpd.apache.org/docs/2.4/mod/core.html#loglevel

John Doe
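
An added illustration, not part of the thread: a Python sketch that tallies user agents in an access log, folding version numbers so that small variations on one string group together. It assumes the log uses Debian's `vhost_combined` format; the sample lines, the crawler name and the function names are constructed.

```python
import re
from collections import defaultdict

# Assumed format (Debian's vhost_combined):
#   %v:%p %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
# Apache writes embedded quotes as \" so quoted fields accept backslash pairs.
LINE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Constructed sample lines (documentation IP ranges, made-up crawler name).
SAMPLE = r'''
example.org:80 192.0.2.10 - - [04/Dec/2020:06:58:01 -0500] "GET /a HTTP/1.1" 200 512 "-" "ExampleCrawler/1.0 (+http://crawler.example/)"
example.org:80 192.0.2.11 - - [04/Dec/2020:06:58:02 -0500] "GET /b HTTP/1.1" 200 512 "-" "ExampleCrawler/1.1 (+http://crawler.example/)"
example.org:80 198.51.100.7 - - [04/Dec/2020:06:58:03 -0500] "GET /c HTTP/1.1" 404 209 "-" "ExampleCrawler/1.0 (+http://crawler.example/)"
example.org:80 203.0.113.5 - - [04/Dec/2020:06:59:10 -0500] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/83.0"
example.org:80 203.0.113.9 - - [04/Dec/2020:06:59:11 -0500] "GET / HTTP/1.1" 200 1024 "-" "Odd \"quoted\" agent"
this is not a log line
'''.strip().splitlines()

def parse_line(line):
    """Return the named fields of one log line, or None if it does not match."""
    m = LINE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def agent_family(agent):
    """Replace version-like digit runs with '#' so near-identical agents group."""
    return re.sub(r"\d+(?:\.\d+)*", "#", agent)

def summarize(lines):
    """Return ([(family, hits, distinct_ips)], skipped), busiest family first."""
    hits, ips, skipped = defaultdict(int), defaultdict(set), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unparsable lines instead of hiding them
            continue
        fam = agent_family(rec["agent"])
        hits[fam] += 1
        ips[fam].add(rec["ip"])
    rows = sorted(((f, n, len(ips[f])) for f, n in hits.items()),
                  key=lambda r: (-r[1], r[0]))
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE)
    for fam, n, nip in rows:
        print(f"{n:6d} hits  {nip:4d} IPs  {fam}")
    print(f"{skipped} line(s) did not match the assumed format")
```

A family with many hits spread over many addresses is the case where matching on the user agent in Apache is more practical than blocking by IP.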

