Understanding an access log and what modsecurity did
OK, first, my server locked up this morning with:
Feb 14 07:14:49 server1 kernel: Out of Memory: Killed process 18253 (httpd).
So I am trying to figure that one out, but I find this in my access_log:
85.192.4.78 - - [14/Feb/2006:06:08:56 -0500] "GET / HTTP/1.0" 500 1013 "http://online-casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
218.39.172.79 - - [14/Feb/2006:06:08:59 -0500] "GET / HTTP/1.1" 500 1013 "http://online-casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
221.139.207.34 - - [14/Feb/2006:06:08:59 -0500] "GET / HTTP/1.1" 500 1013 "http://online-casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
221.10.124.34 - - [14/Feb/2006:06:09:03 -0500] "GET / HTTP/1.0" 500 1013 "http://casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
211.178.140.50 - - [14/Feb/2006:06:09:06 -0500] "GET / HTTP/1.1" 500 1013 "http://online-casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
219.249.103.98 - - [14/Feb/2006:06:09:08 -0500] "GET / HTTP/1.1" 500 1013 "http://online-casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
218.39.172.79 - - [14/Feb/2006:06:09:09 -0500] "GET / HTTP/1.1" 500 1013 "http://online-casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
85.192.4.78 - - [14/Feb/2006:06:09:09 -0500] "GET / HTTP/1.0" 500 1013 "http://online-casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
221.10.124.34 - - [14/Feb/2006:06:09:10 -0500] "GET / HTTP/1.0" 500 1013 "http://online-casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
221.139.207.34 - - [14/Feb/2006:06:09:10 -0500] "GET / HTTP/1.1" 500 1013 "http://online-casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
I don't have that website on my system, but then mod_security spits this out:
[Tue Feb 14 06:08:50 2006] [error] [client 219.249.103.98] mod_security: Access denied with code 500. Pattern match "[\\\\w\\\\-_.]*(casino|roulette)\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OFVU6EAixYYAAA3UCp0AAAAA"]
[Tue Feb 14 06:08:50 2006] [error] [client 211.178.140.50] mod_security: Access denied with code 500. Pattern match "[\\\\w\\\\-_.]*(casino|roulette)\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OFfBTUAixYYAAEdNf@YAAAAD"]
[Tue Feb 14 06:08:50 2006] [error] [client 218.39.172.79] mod_security: Access denied with code 500. Pattern match "[\\\\w\\\\-_.]*(casino|roulette)\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OFp-n0AixYYAAG5RKN4AAAAN"]
[Tue Feb 14 06:08:50 2006] [error] [client 85.192.4.78] mod_security: Access denied with code 500. Pattern match "[\\\\w\\\\-_.]*(casino|roulette)\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OF0kfEAixYYAAHKskhAAAAAK"]
[Tue Feb 14 06:08:50 2006] [error] [client 221.139.207.34] mod_security: Access denied with code 500. Pattern match "[\\\\w\\\\-_.]*(casino|roulette)\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OF1urUAixYYAAHMpBeUAAAAO"]
[Tue Feb 14 06:08:51 2006] [error] [client 24.91.80.71] mod_security: Access denied with code 500. Pattern match "[\\\\w\\\\-_.]*(casino|roulette)\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OGc-UEAixYYAACXGop0AAAAJ"]
[Tue Feb 14 06:08:56 2006] [error] [client 211.178.140.50] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OK8ZckAixYYAAHMmghEAAAAG"]
[Tue Feb 14 06:08:56 2006] [error] [client 219.249.103.98] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OLDtoEAixYYAAEdOgFwAAAAE"]
[Tue Feb 14 06:08:56 2006] [error] [client 85.192.4.78] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OLwVs0AixYYAAEdMHusAAAAC"]
[Tue Feb 14 06:08:59 2006] [error] [client 218.39.172.79] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OOABc0AixYYAAHMnITMAAAAI"]
[Tue Feb 14 06:08:59 2006] [error] [client 221.139.207.34] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OOT7uUAixYYAAEdNf@cAAAAD"]
[Tue Feb 14 06:09:03 2006] [error] [client 221.10.124.34] mod_security: Access denied with code 500. Pattern match "[\\\\w\\\\-_.]*(casino|roulette)\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "ORuFNEAixYYAAA3UCp4AAAAA"]
[Tue Feb 14 06:09:06 2006] [error] [client 211.178.140.50] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OUw9g0AixYYAAHMpBeYAAAAO"]
[Tue Feb 14 06:09:08 2006] [error] [client 219.249.103.98] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OXH5Z0AixYYAACXGop4AAAAJ"]
[Tue Feb 14 06:09:09 2006] [error] [client 218.39.172.79] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OXi46kAixYYAAG5RKN8AAAAN"]
[Tue Feb 14 06:09:09 2006] [error] [client 85.192.4.78] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OYC@10AixYYAAHKskhEAAAAK"]
[Tue Feb 14 06:09:10 2006] [error] [client 221.10.124.34] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OYLH5UAixYYAAHMmghIAAAAG"]
[Tue Feb 14 06:09:10 2006] [error] [client 221.139.207.34] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OYRL@UAixYYAAEdMHuwAAAAC"]
So I am just trying to figure out what is going on and just exactly what was attempted.
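
Added example, not part of the original post: one way to line up the two logs above, pairing each 5xx entry in access_log with the mod_security denial for the same client so it is clear which rule and which request field produced the 500. It assumes both logs use server local time and a 2-second matching window; the 192.0.2.10 line is constructed to show a 500 that has no denial behind it.

```python
import re
from datetime import datetime, timedelta

ACCESS_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
                       r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"')
MODSEC_RE = re.compile(r'\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] '
                       r'mod_security: Access denied with code (?P<code>\d{3})\. '
                       r'Pattern match "(?P<rule>.*)" at (?P<target>\S+)')

# The first two access lines and both error lines are copied from the post;
# the 192.0.2.10 line is constructed (a 500 with no matching denial).
ACCESS_LOG = r'''85.192.4.78 - - [14/Feb/2006:06:08:56 -0500] "GET / HTTP/1.0" 500 1013 "http://online-casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
221.10.124.34 - - [14/Feb/2006:06:09:03 -0500] "GET / HTTP/1.0" 500 1013 "http://casino.mcr8.com" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
192.0.2.10 - - [14/Feb/2006:06:09:04 -0500] "GET /index.php HTTP/1.1" 500 1013 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
'''
ERROR_LOG = r'''[Tue Feb 14 06:08:56 2006] [error] [client 85.192.4.78] mod_security: Access denied with code 500. Pattern match "(online)+[\\\\w\\\\-_.]*(prescription|casino|roulette|slot)+[\\\\w\\\\-_.]*\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "OLwVs0AixYYAAEdMHusAAAAC"]
[Tue Feb 14 06:09:03 2006] [error] [client 221.10.124.34] mod_security: Access denied with code 500. Pattern match "[\\\\w\\\\-_.]*(casino|roulette)\\\\.[a-z]{2,}" at HEADER("Referer") [hostname "www.HIDDENBYME.com"] [uri "/"] [unique_id "ORuFNEAixYYAAA3UCp4AAAAA"]
'''

def correlate(access_text, error_text, window=timedelta(seconds=2)):
    """Pair each 5xx access-log entry with a mod_security denial for the same
    client and status within `window`; return (blocked, unexplained)."""
    denials = []
    for line in error_text.splitlines():
        m = MODSEC_RE.match(line)
        if m:
            ts = datetime.strptime(m['ts'], '%a %b %d %H:%M:%S %Y')
            denials.append((ts, m['ip'], m['code'], m['rule'], m['target']))
    blocked, unexplained = [], []
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m or not m['status'].startswith('5'):
            continue
        # Assumption: both logs are in server local time, so drop the offset.
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z').replace(tzinfo=None)
        hit = next((d for d in denials if d[1] == m['ip']
                    and d[2] == m['status'] and abs(d[0] - ts) <= window), None)
        entry = {'ip': m['ip'], 'status': m['status'], 'referer': m['referer']}
        if hit:
            blocked.append({**entry, 'rule': hit[3], 'target': hit[4]})
        else:
            unexplained.append(entry)
    return blocked, unexplained

if __name__ == '__main__':
    blocked, unexplained = correlate(ACCESS_LOG, ERROR_LOG)
    for b in blocked:
        print(f"{b['ip']} denied at {b['target']} (Referer {b['referer']})")
    for u in unexplained:
        print(f"{u['ip']} got {u['status']} with no mod_security denial nearby")
```

Entries that land in the unexplained list are the ones worth checking against the rest of the error log, since no mod_security rule accounts for them.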