[SAC] CASE2: human spammer tried to obtain mantra (and failed)
Sandro Santilli
strk at keybit.net
Wed May 18 06:55:00 PDT 2016
An ERRATA
On Wed, May 18, 2016 at 03:23:20PM +0200, Sandro Santilli wrote:
> NO such IP hit the user creation form in the recent days.
I was only looking at the trac logs, the web logs do actually
contain traces of the guy trying to register:
103.38.177.2 - - [17/May/2016:11:51:42 -0700] "POST /cgi-bin/ldap_create_user.py HTTP/1.1" 200 949 "https://www.osgeo.org/cgi-bin/ldap_create_user.py" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36 OPR/37.0.2178.43"
103.38.177.2 - - [17/May/2016:11:52:13 -0700] "POST /cgi-bin/ldap_create_user.py HTTP/1.1" 200 949 "https://www.osgeo.org/cgi-bin/ldap_create_user.py" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36 OPR/37.0.2178.43"
103.38.177.2 - - [17/May/2016:11:52:17 -0700] "POST /cgi-bin/ldap_create_user.py HTTP/1.1" 200 949 "https://www.osgeo.org/cgi-bin/ldap_create_user.py" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36 OPR/37.0.2178.43"
103.38.177.2 - - [17/May/2016:11:52:19 -0700] "POST /cgi-bin/ldap_create_user.py HTTP/1.1" 200 949 "https://www.osgeo.org/cgi-bin/ldap_create_user.py" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36 OPR/37.0.2178.43"
And his IP being blocked for one hour after that:
2016-05-17 11:52:30,335 fail2ban.actions: WARNING [osgeo-ldap-create-toomany] Ban 103.38.177.2
2016-05-17 12:52:30,919 fail2ban.actions: WARNING [osgeo-ldap-create-toomany] Unban 103.38.177.2
--strk;
More information about the Sac
mailing list