Monday, December 18

Christmas, and the holiday spirit, and Internet security

Recently, since we've all been shopping, out there paying attention to gifts, what we are going to get, and what we aren't going to get. An attack has been going on. Apparently, against my web server.

I review my weblogs (I review all my logs) on a weekly basis. Because really, what's the point in having logs if you're not going to look at them? A log that isn't looked at is a pointless log. You might as well shut off syslog if you aren't going to look at the logs. But I digress.

I review my weblogs. I have mod_security installed on my apache webserver here, so through my custom mod_security rules, I am provided with audit_log in my logging directory.

I usually get about 200 to 300 entries a week in that file. All denied.

Last week that number jumped to almost 9000. As of this morning (my logs roll over on Sunday), I had over 3000.

As I am on my blackberry I don't have a copy of the logs, so I'll post a sample entry later.

But the string I see a lot is "x-aaaaaaaaaaa" in the header.

Anyone else seeing these?

No comments: