possible attack?

Discussion in 'General' started by weezul, Jan 8, 2010.

  1. weezul

    weezul New Member

    hello, my apache error.log is growing insane since i fucked up my template :)

    through that i discovered that there a several ips browsing to the ipconfig login and are still getting errors.

    Code:
    [Fri Jan 08 14:32:49 2010] [error] [client 202.59.152.155] PHP Strict Standards:  Non-static method vlibTemplateError::raiseError() should not be called statically, assuming $this from incompatible context in /usr/local/ispconfig/interface/lib/classes/tpl.inc.php on line 161
    
    i counted all ips in the error.log and within 1 hour i got this:

    Code:
      
    216x 119.47.82.112
    202x 125.224.195.164
    376x 202.59.152.155
    308x 67.215.241.234
    
    i looked up the ip adresses, 3 of them are from china and 1 is from the usa.

    are those guys trying to bruteforce my ispconfig login?
     
  2. ivomendonca

    ivomendonca Banned

    Fail2ban

    You can block that in fail2ban conf.
    They (China, ru, etc...) never stop bruteforce, you can slow them down.
    I ban for 1 hour for 6 wrong password trys.
    You can add the ip to permanent ban, beware that clients and yourself can be banned too.
     
  3. weezul

    weezul New Member

    thanks,

    i found also lines with those CONNECT, can anyone tell me what those lines mean? ( 20100108-access.log )

    Code:
    202.59.152.155 - - [08/Jan/2010:05:48:27 +0100] "CONNECT 61.222.251.180:25 HTTP/1.0" 200 306 "-" "-"
    202.59.152.155 - - [08/Jan/2010:05:48:27 +0100] "CONNECT 65.55.92.136:25 HTTP/1.0" 200 306 "-" "-"
    
     

Share This Page