I setup a new VPS a month or so ago, but in the last week things have
got a little wild in the apache access and error logs.
I'm using firehol, denyhosts and fail2ban to try and stop the constant
traffic, and I guess it's my lack of regex knowledge that isn't
helping there. Those packages should help prevent stuff like:
203.186.54.50 - - [26/Jan/2011:12:42:12 +0000] "CONNECT
80.176.162.50:25 HTTP/1.0" 200 10417 "-" "-"
178.162.131.33 - - [26/Jan/2011:12:42:53 +0000] "GET
http://vastdata.net/ HTTP/1.1" 200 10312 "-" "-"
123.165.11.194 - - [26/Jan/2011:12:38:18 +0000] "GET
http://proxyjudge2.proxyfire.net/fastenv HTTP/1.1" 404 537 "-"
"Mozill
a/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
[Wed Jan 26 05:01:05 2011] [error] [client 76.253.161.24] File does
not exist: /var/www/vch/data
[Wed Jan 26 05:03:21 2011] [error] [client 112.194.97.133] script
'/var/www/vch/proxycheck.php' not found or unable to stat
[Wed Jan 26 05:07:57 2011] [error] [client 116.248.134.82] script
'/var/www/vch/proxygrade.php' not found or unable to stat, referer:
http://www.proxygrade.com/proxygrade.php?hash=C59C2E3FD31372BAD
D1004781F90050A953698723D3E
Comments, advice and regex guidance are always welcome.
Cie