Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: sound101 on April 02, 2006, 08:52:36 PM
-
Hi
My httpd/access_log is filling up with:
heaslip.me.uk 83.245.45.230 - - [02/Apr/2006:13:04:16 +0100] "HEAD / HTTP/1.0" 200 - "-" "WhatsUp_Gold/7.0"
heaslip.me.uk 83.245.45.230 - - [02/Apr/2006:13:05:13 +0100] "HEAD / HTTP/1.0" 200 - "-" "WhatsUp_Gold/7.0"
heaslip.me.uk 83.245.45.230 - - [02/Apr/2006:13:06:16 +0100] "HEAD / HTTP/1.0" 200 - "-" "WhatsUp_Gold/7.0"
heaslip.me.uk 83.245.45.230 - - [02/Apr/2006:13:07:13 +0100] "HEAD / HTTP/1.0" 200 - "-" "WhatsUp_Gold/7.0"
This message repeats itself every minute. The IP address is part of the range my ISP uses. Any ideas on how I can stop this logging?
Am running SME 7.0rc1 in server-only mode; my firewall forwards TCP/UDP ports 80 & 25 to the SME box.
Thanks
-
You could do it by blocking that IP address. But why do you want to stop that logging? The log file is *meant* to record accesses to your website. These records indicate accesses to your website (by a network monitoring tool).
-
Can't block the IP with the firewall; the rule to forward port 80 overrides the block.
Want to stop this IP logging because it happens every 1 minute, 24/7, which makes it difficult to go through the logs for real website access, i.e. someone looking at it, not a monitoring tool.
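An added example, not part of the original thread: instead of turning the logging off, the monitor's probes can be filtered out when the log is read. This sketch parses the log format shown above, flags any source whose HEAD requests arrive on a steady interval, and returns the remaining entries; the function names, the thresholds and the last two sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Format seen in the thread: vhost, client IP, then the usual combined-log fields.
LINE_RE = re.compile(
    r'(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

# First four lines are the ones quoted in the thread; the last two are constructed.
SAMPLE = [
    'heaslip.me.uk 83.245.45.230 - - [02/Apr/2006:13:04:16 +0100] "HEAD / HTTP/1.0" 200 - "-" "WhatsUp_Gold/7.0"',
    'heaslip.me.uk 83.245.45.230 - - [02/Apr/2006:13:05:13 +0100] "HEAD / HTTP/1.0" 200 - "-" "WhatsUp_Gold/7.0"',
    'heaslip.me.uk 83.245.45.230 - - [02/Apr/2006:13:06:16 +0100] "HEAD / HTTP/1.0" 200 - "-" "WhatsUp_Gold/7.0"',
    'heaslip.me.uk 83.245.45.230 - - [02/Apr/2006:13:07:13 +0100] "HEAD / HTTP/1.0" 200 - "-" "WhatsUp_Gold/7.0"',
    'www.example.org 192.0.2.10 - - [02/Apr/2006:13:05:40 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'www.example.org 198.51.100.7 - - [02/Apr/2006:13:06:02 +0100] "HEAD / HTTP/1.1" 200 - "-" "curl/7.0"',
]

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_probes(records, min_hits=4, tolerance=10):
    """Return the (ip, agent) pairs whose HEAD requests arrive at a steady interval."""
    by_source = defaultdict(list)
    for r in records:
        if r["method"] == "HEAD":
            by_source[(r["ip"], r["agent"])].append(r["time"])
    probes = set()
    for source, times in by_source.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_hits and all(abs(g - median(gaps)) <= tolerance for g in gaps):
            probes.add(source)
    return probes

def real_visits(lines):
    """Drop only the periodic HEAD probes; every other request is kept."""
    records = [r for r in map(parse, lines) if r]
    probes = find_probes(records)
    return [r for r in records if not (r["method"] == "HEAD" and (r["ip"], r["agent"]) in probes)]
```

Pass real_visits() the lines of httpd/access_log; the one-off HEAD request and the GET in the sample are kept because neither repeats on a fixed interval.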
-
Try this on the server, from the server console:
db configuration setprop httpd-e-smith DenyHosts 83.245.45.230
signal-event remoteaccess-update
Jon
-
Many thanks Jon, worked perfectly! Another quick Q: been getting this message in the messages log file every hour:
Apr 3 17:01:01 server crond(pam_unix)[27487]: session opened for user root by (uid=0)
Apr 3 17:01:01 server crond(pam_unix)[27487]: session closed for user root
and this e-mail in my admin:
etc/cron.daily/01-rkhunter:
Line:
Watch out Root login possible. Possible risk!
-----------------------------------------------------------------
Found warnings:
[04:05:40] Warning: root login possible. Change for your safety the 'PermitRootLogin'
Is this normal for 7.x? Didn't notice it in 6.01...
Thanks
Ben