On Mon, Apr 04, 2022 at 12:53:34PM -0400, gene heskett wrote: [...] > One of the things I've noted about bullseye, is that apache2 is no longer > generating the "other" logs like it did for stretch for many years. That > was where all the bots wound up and I'm guessing there must be north of > 50 of them active at any one time [...] We had that bot discussion already, Gene. If I remember correctly, you didn't want to try the advice given to you around here (bots are usually easy to recognise given their headers: they seldom try to hide as "normal web users"). Besides, they usually come from a small range of addresses. What we are talking here about are break-in attempts, which do try to hide and come from a huge shotgun-scatter of IP addresses (most probably from botnets for hire, consisting of infected end-user boxes out there). Cheers -- t
Attachment:
signature.asc
Description: PGP signature