1

Topic: Logwatch httpd

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8 MARIADB edition
- Linux/BSD distribution name and version: Debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Nope
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I got some spamming in my logwatch under httpd:

Requests with error response codes
    400 Bad Request
       null: 8699 Time(s)
       \xEE: 3 Time(s)
       $: 2 Time(s)
       \x08: 2 Time(s)
       \x93: 2 Time(s)
       \xBE: 2 Time(s)
       \xD0: 2 Time(s)
       d: 2 Time(s)
       !1\xA61\x80\xE0\xDA\xB8f:\xE8\x9En}s\x8Fd\ ... xFC\xF7\x02\xE1: 1 Time(s)
       !1o\xE7C\x83\xD5P\x84\x1B\xCB\xF6@\xAD\x91 ... D\xBC\xA7j9\x98: 1 Time(s)
       !>6\x82(B\x9D\xFD\x87\x10\xF6Ck\x03\xF2;\x ... 02\xE0N\x19\xA1: 1 Time(s)
       !G\xCC\xA4\x1A\x05\x0E\xE7\xF1\x0B5%\xAAA7 ... xA2\xE5\x96\x84: 1 Time(s)
       !\x80\x8C.0\x0B'\xCE7-\xFA\x03jr\x12v*[\xA ... \xDD\xF8@\x93h6: 1 Time(s)
       !\x97\xBF\xEF;\xFF\x86\x9B\xE1|b8\xD3\x00\ ... 9RS~1\x08\xB0px: 1 Time(s)
       !\x97\xC5\xF8=A\x17\xAE\x8D\xBB<\x80\xEF\x ... $\x10Z\x19\xB4o: 1 Time(s)
       !\xB3e#\x06O\x92\x1A\x8DR\xAF\x88\xB4\x02R ... \x85\x22\xA0!EY: 1 Time(s)
       !\xB7\xCB\x80I\x06\xC8F\xBC\x1D\xD8g\xCB\x ... 18\xC4\xE9\xFCK: 1 Time(s)
       !\xB7\xD9\x8B\xC2\xD39;\xAD\xE3G\xD7: 1 Time(s)
       !\xCF\xC9U\x08\x8EN\xAD\xF7Y\x87=\xBA5e\xA ... $\x08\xDAJD\xEB: 1 Time(s)
       !v\x9C#?\x93\xB6\xB4guH\xE8\xBCh\x19\x8CA\ ... $\xB1w\xAD5\x9A: 1 Time(s)
       #: 1 Time(s)
       #)H\x08\x97\xDE\x00z\x8A\x0EL\xF5eD\x97\xC ... \x15f~\x10\x13-: 1 Time(s)
       #:\x1C\x8BL\xB8\xB2\x83qb\x9D\xF1\xB2E\xE39: 1 Time(s)
       #F`\xF7e\x9B|\x10\xF9\x92E\x9E\x1D\x96\x0C ... 04s\x0F\xB2\x08: 1 Time(s)
etc etc etc

Possibly I am a victim of some kind of attack?
What can I do to stop this?


2

Re: Logwatch httpd

Mrniceone wrote:

Possibly I am a victim of some kind of attack?

Yes.

3

Re: Logwatch httpd

ZhangHuangbin wrote:
Mrniceone wrote:

Possibly I am a victim of some kind of attack?

Yes.

Okay... so does anyone know what I can do against it?

4

Re: Logwatch httpd

Run fail2ban with proper filter to block them.
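As an added illustration of what such a filter has to match (this is example code written for this thread, not something from the iRedMail project or from the posters above): the garbage entries logwatch summarises under "400 Bad Request" come from clients that send non-HTTP bytes to Nginx, which logs the raw request field with escaped bytes (the `\xEE`, `\x08` strings seen in the report) or as `-` when it is empty. The script below embeds a few constructed Nginx "combined" access log lines, applies a failregex equivalent to the one a fail2ban filter would use (with `<HOST>` expanded into an IP capture group), and reports which client addresses would exceed a `maxretry` threshold inside a `findtime` window, which is the same decision fail2ban makes before banning. The filter and jail fragments in the comments, the jail name `nginx-400`, the log path `/var/log/nginx/access.log` and the threshold values are assumptions to be adjusted to the local setup.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed fail2ban filter (e.g. /etc/fail2ban/filter.d/nginx-400.conf); fail2ban
# substitutes <HOST> with its own IP-matching pattern:
#
#   [Definition]
#   failregex = ^<HOST> \S+ \S+ \[[^\]]+\] "[^"]*" 400 \d+
#   ignoreregex =
#
# Assumed jail entry (e.g. in /etc/fail2ban/jail.local), values are illustrative:
#
#   [nginx-400]
#   enabled  = true
#   filter   = nginx-400
#   logpath  = /var/log/nginx/access.log
#   maxretry = 5
#   findtime = 600
#   bantime  = 3600

# Python equivalent of the failregex above. Nginx escapes a literal double quote
# inside the request field as \x22, so "[^"]*" safely spans the whole field even
# when the client sent binary junk.
FAILREGEX = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" 400 \d+'
)

# Constructed sample log lines in Nginx "combined" format (RFC 5737 test addresses).
# Raw string so the \x escapes stay literal, exactly as Nginx writes them.
SAMPLE_ACCESS_LOG = r'''203.0.113.7 - - [12/Mar/2019:10:00:01 +0000] "\xEE" 400 166 "-" "-"
203.0.113.7 - - [12/Mar/2019:10:00:02 +0000] "\x08" 400 166 "-" "-"
203.0.113.7 - - [12/Mar/2019:10:00:03 +0000] "-" 400 0 "-" "-"
203.0.113.7 - - [12/Mar/2019:10:00:04 +0000] "!1\xA61\x80\xE0" 400 166 "-" "-"
203.0.113.7 - - [12/Mar/2019:10:00:05 +0000] "\xBE" 400 166 "-" "-"
198.51.100.2 - - [12/Mar/2019:10:00:06 +0000] "GET /mail/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.2 - - [12/Mar/2019:10:00:07 +0000] "$" 400 166 "-" "-"
192.0.2.9 - - [12/Mar/2019:10:05:00 +0000] "d" 400 166 "-" "-"
192.0.2.9 - - [12/Mar/2019:12:00:00 +0000] "\x93" 400 166 "-" "-"
'''

NGINX_TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def count_matches(log_text):
    """Number of log lines the failregex matches (what `fail2ban-regex` would report)."""
    return sum(1 for line in log_text.splitlines() if FAILREGEX.match(line))


def find_offenders(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {host: total_matches} for every host that has at least `maxretry`
    matching lines inside some `findtime`-long window, i.e. the hosts fail2ban
    would ban with these jail settings."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue
        hits[m.group("host")].append(datetime.strptime(m.group("ts"), NGINX_TS_FORMAT))

    offenders = {}
    for host, times in hits.items():
        times.sort()
        start = 0
        # Sliding window over the sorted timestamps: shrink from the left until
        # the window fits in findtime, then check whether it holds maxretry hits.
        for end in range(len(times)):
            while times[end] - times[start] > findtime:
                start += 1
            if end - start + 1 >= maxretry:
                offenders[host] = len(times)
                break
    return offenders


if __name__ == "__main__":
    print("matching lines:", count_matches(SAMPLE_ACCESS_LOG))
    for host, n in find_offenders(SAMPLE_ACCESS_LOG).items():
        print(f"would ban {host} ({n} bad requests)")
```

With the sample data, `203.0.113.7` sends five bad requests in a few seconds and is the only host that trips the default threshold; `198.51.100.2` produced a single 400 alongside a legitimate request and `192.0.2.9` spread two probes hours apart, so neither is banned. That is the point of tuning `maxretry` and `findtime` together: a browser or monitoring client that occasionally triggers a 400 should not be locked out of webmail, while a scanner hammering the port with binary junk should. Before enabling the jail, the filter can be checked against the real log with `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-400.conf`.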