I have two issues going on since I upgraded. First is pure-ftpd, it now logs in every minute on the second. 21:03:01 jedimud pure-ftpd: ([email protected]) [INFO] New connection from localhost.localdomain Apr 15 21:03:01 jedimud pure-ftpd: ([email protected]) [INFO] Logout. It never has had OSSEC report this from the logs, and research of past logs shows it did not do this before. If this the default behavior now for pure-ftpd? Second is apache2. Every website I host now gives an error which OSSEC reports to me. It happens constantly. [Tue Apr 15 20:59:01.680085 2014] [authz_core:error] [pid 4146] [client 127.0.0.1:28505] AH01630: client denied by server configuration: /var/cache/munin/www/index.html [Tue Apr 15 20:59:01.680165 2014] [authz_core:error] [pid 4146] [client 127.0.0.1:28505] AH01630: client denied by server configuration: /var/cache/munin/www/index.cgi [Tue Apr 15 20:59:01.680235 2014] [authz_core:error] [pid 4146] [client 127.0.0.1:28505] AH01630: client denied by server configuration: /var/cache/munin/www/index.pl [Tue Apr 15 20:59:01.680304 2014] [authz_core:error] [pid 4146] [client 127.0.0.1:28505] AH01630: client denied by server configuration: /var/cache/munin/www/index.php [Tue Apr 15 20:59:01.680375 2014] [authz_core:error] [pid 4146] [client 127.0.0.1:28505] AH01630: client denied by server configuration: /var/cache/munin/www/index.xhtml [Tue Apr 15 20:59:01.680445 2014] [authz_core:error] [pid 4146] [client 127.0.0.1:28505] AH01630: client denied by server configuration: /var/cache/munin/www/index.htm [Tue Apr 15 20:59:01.680506 2014] [authz_core:error] [pid 4146] [client 127.0.0.1:28505] AH01630: client denied by server configuration: /var/www/clients/ [Tue Apr 15 20:59:01.680526 2014] [authz_core:error] [pid 4146] [client 127.0.0.1:28505] AH01630: client denied by server configuration: /var/www/www2.aphelion-webzine.com/ [Tue Apr 15 20:59:01.680544 2014] [authz_core:error] [pid 4146] [client 127.0.0.1:28505] AH01630: client denied by server configuration: /var/www/www.us.filknet.org/ [Tue Apr 15 20:59:01.680561 2014] [authz_core:error] [pid 4146] [client 127.0.0.1:28505] AH01630: client denied by server configuration: /var/www/www.kitanzi.com/ This never happened before the upgrade. I am hoping its just something simple I missed. Thank you for any help.
Thats the system monitor. These requests are not from ispconfig. it seems as if seomeone tres to request documents outside of the wev root and gets blocked by apache correctly.
