Log Entries IP´s

Support
,
1

NethServer Version: 7 Final
Good Morning. I try to check out if the Security is working well with this Server and found a lot of times
Entries like this:
192.168.100.5 - - [28/Feb/2017:06:26:56 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:27:08 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:27:21 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:27:34 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:27:47 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:28:00 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:28:13 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:28:26 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:28:39 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:28:52 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:29:05 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:29:18 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:29:31 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:29:44 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:29:57 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:30:10 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:30:23 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:30:36 +0100] “\xba\xbe\xfe\xfa” 400 226
192.168.100.5 - - [28/Feb/2017:06:30:49 +0100] “\xba\xbe\xfe\xfa” 400 226
The Server is only reachable over Port 433 from the outside. I am again not sure that the log entry shows the right IP´s if something happen. Can someone explain this entry?

2

Ehi man, so weird. Can you provide us more details? Honestly I don’t have any clue on this

3

buongiorno alessio, i guess that something is not right with the log entries. it often shows the external ip adress of the server, also with entries like i post. so i guess if someone try to reach the server from the outside it not shows the ip adress of the client, it shows only the external ip adress of the server. we had this problem also with sogo a few ago.

4

Hi @hucky ,

Do you have installed F2B?
It’s very efficient against force brut attacks.
I use F2B on every NS installation that I have.

Another question. In which log file?

F2B.PNG1279×692 61.7 KB

5

Hi @GG_jr
yes, i have, that was the reason i stumble into the question what i discuss with @stephdl what ip adresses will logged. entries are from the /var/log/httpd/access_log. i also see that active sync not show the right ip address if syncing with the sogo server.

6

I don’t have anything like your record in my httpd/access_log.

httpd_access_log.PNG1022×688 29.8 KB

1 Like