[plug] web server questions

Jon Miller jlmiller at mmtnetworks.com.au
Sat Sep 20 10:15:55 WST 2003


While viewing the logs (/var/log/httpd/access.log) and seeing a lot of MS hoax e-mails being deleted by MailMonitor, I'm wondering whether it is possible to block certain sites from accessing the web server.  Unlike mail servers, where one can set up blacklist/blackhole/RBL lists, is there such a service for web servers?
I've noticed the following:

/var/log/httpd/error.log
[Sat Sep 20 10:01:12 2003] [error] [client 61.139.60.84] File does not exist: /var/www/html/tmpad/banner/itrack.asp
[Sat Sep 20 10:01:13 2003] [error] [client 61.139.60.84] File does not exist: /var/www/html/a.htm
[Sat Sep 20 10:01:22 2003] [error] [client 210.83.18.98] File does not exist: /var/www/html/search.php
[Sat Sep 20 10:01:35 2003] [error] [client 61.139.60.84] File does not exist: /var/www/html/Affiliate/SB/search1.js


[Sat Sep 20 10:03:19 2003] [error] [client 61.139.60.84] File does not exist: /var/www/html/tmpad/banner/itrack.asp
[Sat Sep 20 10:03:23 2003] [error] [client 220.113.13.11] File does not exist: /var/www/html/tmpad/banner/itrack.asp
[Sat Sep 20 10:03:26 2003] [error] [client 61.139.60.84] File does not exist: /var/www/html/tmpad/banner/itrack.asp
[Sat Sep 20 10:03:28 2003] [error] [client 61.139.60.84] File does not exist: /var/www/html/tmpad/banner/itrack.asp
[Sat Sep 20 10:03:35 2003] [error] [client 203.234.247.253] File does not exist: /var/www/html/default.ida
[Sat Sep 20 10:04:02 2003] [error] [client 220.173.238.48] File does not exist: /var/www/html/.sbean
[Sat Sep 20 10:04:37 2003] [error] [client 220.173.238.48] File does not exist: /var/www/html/ad.php

I know there was an error in http.conf where the ProxyPass was set to ON, and this caused spamming through the web server to the mail server.  But this has been fixed.

/var/log/httpd/access.log
220.113.13.11 - - [20/Sep/2003:10:08:04 +0800] "GET http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=2870 HTTP/1.0" 404 217
221.pool0.dsltokyo.att.ne.jp - - [20/Sep/2003:10:08:26 +0800] "GET / HTTP/1.1" 200 9515
public2-runc2-5-cust118.manc.broadband.ntl.com - - [20/Sep/2003:10:08:26 +0800] "GET / HTTP/1.1" 200 9515
61.139.60.84 - - [20/Sep/2003:10:08:37 +0800] "GET http://www.trlweb.com/a.htm HTTP/1.0" 404 199
210.83.18.98 - - [20/Sep/2003:10:09:01 +0800] "POST http://sleuth-hound.com:80/search.php HTTP/1.0" 404 204
220.113.13.11 - - [20/Sep/2003:10:09:22 +0800] "GET http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=2821 HTTP/1.0" 404 217
210.83.18.98 - - [20/Sep/2003:10:09:24 +0800] "POST http://sleuth-hound.com:80/search.php HTTP/1.0" 404 204
61.139.60.84 - - [20/Sep/2003:10:09:43 +0800] "GET http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=896 HTTP/1.0" 404 217

The ones I'm questioning are:
221.pool0.dsltokyo.att.ne.jp - - [20/Sep/2003:10:08:26 +0800] "GET / HTTP/1.1" 200 9515
public2-runc2-5-cust118.manc.broadband.ntl.com - - [20/Sep/2003:10:08:26 +0800] "GET / HTTP/1.1" 200 9515

These may or may not be legit entries; is there a way to tell other than bringing those sites up?

Any ideas what I can do?

Jon

Jon L. Miller, MCNE, CNS
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au

"I don't know the key to success, but the key to failure
 is trying to please everybody." -Bill Cosby
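
An added example, not part of the original post: one way to sort the access.log entries quoted above into proxy-style requests (an absolute URI naming some other host, or CONNECT) and ordinary requests for the server's own pages. The function names and the `local_names` parameter are assumptions made for this sketch; the log lines are the ones from the post.

```python
import re
from collections import Counter, defaultdict

# Apache common log format: host ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?:\d+|-)$'
)
ABS_URI_RE = re.compile(r'^[a-z][a-z0-9+.-]*://([^/:?#]+)', re.I)

# Access-log lines copied from the excerpt in the post above.
SAMPLE_LOG = """\
220.113.13.11 - - [20/Sep/2003:10:08:04 +0800] "GET http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=2870 HTTP/1.0" 404 217
221.pool0.dsltokyo.att.ne.jp - - [20/Sep/2003:10:08:26 +0800] "GET / HTTP/1.1" 200 9515
public2-runc2-5-cust118.manc.broadband.ntl.com - - [20/Sep/2003:10:08:26 +0800] "GET / HTTP/1.1" 200 9515
61.139.60.84 - - [20/Sep/2003:10:08:37 +0800] "GET http://www.trlweb.com/a.htm HTTP/1.0" 404 199
210.83.18.98 - - [20/Sep/2003:10:09:01 +0800] "POST http://sleuth-hound.com:80/search.php HTTP/1.0" 404 204
220.113.13.11 - - [20/Sep/2003:10:09:22 +0800] "GET http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=2821 HTTP/1.0" 404 217
210.83.18.98 - - [20/Sep/2003:10:09:24 +0800] "POST http://sleuth-hound.com:80/search.php HTTP/1.0" 404 204
61.139.60.84 - - [20/Sep/2003:10:09:43 +0800] "GET http://ad.trafficmp.com/tmpad/banner/itrack.asp?rv=1.2&id=896 HTTP/1.0" 404 217
"""

def classify(line, local_names=()):
    """Return (client, kind, status) or None; kind is 'proxy-probe' or 'direct'."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    uri = ABS_URI_RE.match(m["target"])
    foreign = uri is not None and uri.group(1).lower() not in local_names
    kind = "proxy-probe" if foreign or m["method"] == "CONNECT" else "direct"
    return m["host"], kind, int(m["status"])

def summarize(log_text, local_names=()):
    """Count request kinds per client and list proxy-style requests answered with 2xx."""
    per_client, answered = defaultdict(Counter), []
    for line in log_text.splitlines():
        parsed = classify(line, local_names)
        if parsed is None:
            continue
        client, kind, status = parsed
        per_client[client][kind] += 1
        # A 2xx here does not prove relaying, but it is the case to check by hand.
        if kind == "proxy-probe" and 200 <= status < 300:
            answered.append((client, status))
    return dict(per_client), answered

if __name__ == "__main__":
    clients, answered = summarize(SAMPLE_LOG)
    print({c: dict(k) for c, k in clients.items()})
    print("probes answered with 2xx:", answered)
```

Pass the server's own host names as `local_names` so that absolute-URI requests for the site itself are counted as direct.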