Security Basics mailing list archives
Re: Apache Logs
From: "security.xentek" <eric () xentek net>
Date: Tue, 17 Apr 2007 09:50:37 -0400
Error 406 is a mime-type error. In other words, what ever was browsing your site didn't understand the mime type you were serving them.
- eric On Apr 16, 2007, at 3:35 PM, tony barry wrote:
Hi List, I recently found the following in my Apache error logs.[Sun Apr 15 21:15:50 2007] [error] [client 222.84.146.84] mod_security: Access denied with code 406. Pattern match "^$" at HEADER("USER- AGENT")[severity "EMERGENCY"] [hostname "my ip here"] [uri "/"][Mon Apr 16 05:07:24 2007] [error] [client 222.137.34.211] mod_security: Access denied with code 406. Pattern match "^$" at HEADER("USER- AGENT")[severity "EMERGENCY"] [hostname "my ip here"] [uri "/"][Mon Apr 16 18:45:22 2007] [error] [client 222.137.123.38] mod_security: Access denied with code 406. Pattern match "^$" at HEADER("USER- AGENT")[severity "EMERGENCY"] [hostname "my ip here"] [uri "/"][Mon Apr 16 18:50:41 2007] [error] [client 222.243.165.41] mod_security: Access denied with code 406. Pattern match "^$" at HEADER("USER- AGENT")[severity "EMERGENCY"] [hostname "my ip here"] [uri "/"] [Mon Apr 16 21:40:59 2007] [error] [client ::1] mod_security: Access denied with code 406. Pattern match "^$" at HEADER("HOST") [severity "EMERGENCY"] [uri "/"] [Mon Apr 16 21:41:00 2007] [error] [client ::1] mod_security: Access denied with code 406. Pattern match "^$" at HEADER("HOST") [severity "EMERGENCY"] [uri "/"] [Mon Apr 16 21:41:02 2007] [error] [client ::1] mod_security: Access denied with code 406. Pattern match "^$" at HEADER("HOST") [severity "EMERGENCY"] [uri "/"][Mon Apr 16 22:11:40 2007] [error] [client 222.137.123.38] mod_security: Access denied with code 406. Pattern match "^$" at HEADER("USER- AGENT")[severity "EMERGENCY"] [hostname "my ip here7"] [uri "/"] Looking back in the logs I found many instances of this error messagebut of real concern are the two entries with [client ::1] which is whatcaught my attention. Have I been hacked?
Current thread:
- Apache Logs tony barry (Apr 16)
- Re: Apache Logs jm (Apr 16)
- Re: Apache Logs tony barry (Apr 17)
- Re: Apache Logs jm (Apr 17)
- Re: Apache Logs tony barry (Apr 19)
- Re: Apache Logs tony barry (Apr 17)
- Re: Apache Logs jm (Apr 16)
- Re: Apache Logs security.xentek (Apr 17)