Apache Logs

[tony barry <tony () no-bull co nz>]

Hi List,

I recently found the following in my Apache error logs.


[Sun Apr 15 21:15:50 2007] [error] [client 222.84.146.84] mod_security:
Access denied with code 406. Pattern match "^$" at HEADER("USER-AGENT")
[severity "EMERGENCY"] [hostname "my ip here"] [uri "/"]

[Mon Apr 16 05:07:24 2007] [error] [client 222.137.34.211] mod_security:
Access denied with code 406. Pattern match "^$" at HEADER("USER-AGENT")
[severity "EMERGENCY"] [hostname "my ip here"] [uri "/"]

[Mon Apr 16 18:45:22 2007] [error] [client 222.137.123.38] mod_security:
Access denied with code 406. Pattern match "^$" at HEADER("USER-AGENT")
[severity "EMERGENCY"] [hostname "my ip here"] [uri "/"]

[Mon Apr 16 18:50:41 2007] [error] [client 222.243.165.41] mod_security:
Access denied with code 406. Pattern match "^$" at HEADER("USER-AGENT")
[severity "EMERGENCY"] [hostname "my ip here"] [uri "/"]

[Mon Apr 16 21:40:59 2007] [error] [client ::1] mod_security: Access
denied with code 406. Pattern match "^$" at HEADER("HOST") [severity
"EMERGENCY"] [uri "/"]

[Mon Apr 16 21:41:00 2007] [error] [client ::1] mod_security: Access
denied with code 406. Pattern match "^$" at HEADER("HOST") [severity
"EMERGENCY"] [uri "/"]

[Mon Apr 16 21:41:02 2007] [error] [client ::1] mod_security: Access
denied with code 406. Pattern match "^$" at HEADER("HOST") [severity
"EMERGENCY"] [uri "/"]

[Mon Apr 16 22:11:40 2007] [error] [client 222.137.123.38] mod_security:
Access denied with code 406. Pattern match "^$" at HEADER("USER-AGENT")
[severity "EMERGENCY"] [hostname "my ip here7"] [uri "/"]


Looking back in the logs I found many instances of this error message
but of real concern are the two entries with [client ::1] which is what
caught my attention. Have I been hacked?