
Re: swamp rat bots Q



On Friday 04 December 2020 01:34:52 john doe wrote:

> On 12/4/2020 7:03 AM, Andy Smith wrote:
> > Hello,
> >
> > On Fri, Dec 04, 2020 at 12:03:57AM -0500, Gene Heskett wrote:
> >> what file do I edit to add today's
> >> /var/log/httpd/other_vhosts_access.log to its list of logs to
> >> watch.  That's the log file with the real data in it today.  And
> >> does it need enabled in another, different file.
> >
> > Again we have been down this avenue before, but I will try one last
> > time.
> >
> > It seems quite likely that the bot you have a problem with has the
> > same user agent string, or a very small variation on the same
> > string. If so then you can block it just with Apache.
> >
> > So, can you show us a few lines of logs from your
> > /var/log/httpd/other_vhosts_access.log of the accesses from the
> > offending bot(s)?
>
> That is, increase your log verbosity (1) and give us part of the
> relevant lines.
>
> Also if fail2ban is not working turn it off and other stuff that you
> have put in place to block those attacks, so we have something clean to
> work with, apache is your first line of defence here.
>
> 1)  https://httpd.apache.org/docs/2.4/mod/core.html#loglevel
>
Page doesn't cover my stretch version. Paths are not the same for 
starters, yet I have 5 installs here from wheezy to buster to raspbian.  
All alike, in my looking around, but not THAT version.
> --
> John Doe


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

