[Labs-l] Tools admins, please check, Fwd: [Fail2Ban] apache-bots: banned 208.80.153.167
Marc A. Pelletier
marc at uberbox.org
Sat Sep 7 15:05:14 UTC 2013
On 09/07/2013 10:31 AM, Jeremy Baron wrote:
> where did the string "apache-bots" come from then? is that the name of a
> user account that we were supposedly trying to brute force?
"Apache-bots" is their hostname.
> note this report doesn't even say what protocol was involved. (http?
> ssh? rsh?) also, it says "1 attempt". so maybe was some sort of
> typo/honest mistake.
The logs are apache logs, and they show successful HEAD/GET of a
honeypot file; whether that was under HTTP or HTTPS is immaterial.
-- Marc
More information about the Labs-l
mailing list