possible attack?

Discussion in 'General' started by weezul, Jan 8, 2010.

  1. weezul

    weezul New Member

    hello, my apache error.log is growing insane since i fucked up my template :)

    through that i discovered that there a several ips browsing to the ipconfig login and are still getting errors.

    [Fri Jan 08 14:32:49 2010] [error] [client] PHP Strict Standards:  Non-static method vlibTemplateError::raiseError() should not be called statically, assuming $this from incompatible context in /usr/local/ispconfig/interface/lib/classes/tpl.inc.php on line 161
    i counted all ips in the error.log and within 1 hour i got this:

    i looked up the ip adresses, 3 of them are from china and 1 is from the usa.

    are those guys trying to bruteforce my ispconfig login?
  2. ivomendonca

    ivomendonca Banned


    You can block that in fail2ban conf.
    They (China, ru, etc...) never stop bruteforce, you can slow them down.
    I ban for 1 hour for 6 wrong password trys.
    You can add the ip to permanent ban, beware that clients and yourself can be banned too.
  3. weezul

    weezul New Member


    i found also lines with those CONNECT, can anyone tell me what those lines mean? ( 20100108-access.log )

    Code: - - [08/Jan/2010:05:48:27 +0100] "CONNECT HTTP/1.0" 200 306 "-" "-" - - [08/Jan/2010:05:48:27 +0100] "CONNECT HTTP/1.0" 200 306 "-" "-"

Share This Page