Rule: 30114 fired (level 10) -> "Multiple attempts to access non-existent files (web scan) from same source."

All about the security of the system and the applications

Post by Anonymous »

Hello, quick question,

I recently got a small vServer and have now finished the setup. Since then I have been receiving the following mails at one-minute intervals

OSSEC

Rule: 30114 fired (level 10) -> "Multiple attempts to access non-existent files (web scan) from same source."

I have already entered umpteen different IP addresses with -j REJECT. But what does this mean? Here is an excerpt from the active-response.log!

Does anyone have an idea?

Code: Select all

cat active-responses.log
Fri Aug 21 21:43:16 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 85.181.3.141 1250876596.20350 30114
Fri Aug 21 21:43:16 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 85.181.3.141 1250876596.20350 30114
Fri Aug 21 21:45:00 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 88.76.65.220 1250876700.49561 30114
Fri Aug 21 21:45:00 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 88.76.65.220 1250876700.49561 30114
Fri Aug 21 21:46:30 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 91.49.156.219 1250876790.73751 30114
Fri Aug 21 21:46:30 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 91.49.156.219 1250876790.73751 30114
Fri Aug 21 21:47:38 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 77.11.244.62 1250876858.91770 30114
Fri Aug 21 21:47:38 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 77.11.244.62 1250876858.91770 30114
Fri Aug 21 21:52:01 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 80.138.230.79 1250877121.149372 30114
Fri Aug 21 21:52:01 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 80.138.230.79 1250877121.149372 30114
Fri Aug 21 21:53:27 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 80.135.54.200 1250877207.163831 30114
Fri Aug 21 21:53:27 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 85.181.3.141 1250876596.20350 30114
Fri Aug 21 21:53:27 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 80.135.54.200 1250877207.163831 30114
Fri Aug 21 21:53:27 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 85.181.3.141 1250876596.20350 30114
Fri Aug 21 21:56:27 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 88.76.65.220 1250876700.49561 30114
Fri Aug 21 21:56:27 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 88.76.65.220 1250876700.49561 30114
Fri Aug 21 21:57:57 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 77.11.244.62 1250876858.91770 30114
Fri Aug 21 21:57:57 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 91.49.156.219 1250876790.73751 30114
Fri Aug 21 21:57:57 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 77.11.244.62 1250876858.91770 30114
Fri Aug 21 21:57:57 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 91.49.156.219 1250876790.73751 30114
Fri Aug 21 21:59:50 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 62.224.71.122 1250877590.230855 30114
Fri Aug 21 21:59:50 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 62.224.71.122 1250877590.230855 30114
Fri Aug 21 22:02:50 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 80.138.230.79 1250877121.149372 30114
Fri Aug 21 22:02:50 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 80.138.230.79 1250877121.149372 30114
Fri Aug 21 22:04:20 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 80.135.54.200 1250877207.163831 30114
Fri Aug 21 22:04:20 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 80.135.54.200 1250877207.163831 30114
Fri Aug 21 22:10:20 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 62.224.71.122 1250877590.230855 30114
Fri Aug 21 22:10:20 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 62.224.71.122 1250877590.230855 30114
Fri Aug 21 22:10:20 MSD 2009 Unable to run (iptables returning != 1): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - 62.224.71.122 1250877590.230855 30114
Fri Aug 21 22:10:21 MSD 2009 Unable to run (iptables returning != 1): 2 - /var/ossec/active-response/bin/firewall-drop.sh delete - 62.224.71.122 1250877590.230855 30114
Fri Aug 21 22:10:23 MSD 2009 Unable to run (iptables returning != 1): 3 - /var/ossec/active-response/bin/firewall-drop.sh delete - 62.224.71.122 1250877590.230855 30114
Fri Aug 21 22:10:26 MSD 2009 Unable to run (iptables returning != 1): 4 - /var/ossec/active-response/bin/firewall-drop.sh delete - 62.224.71.122 1250877590.230855 30114
Fri Aug 21 22:10:30 MSD 2009 Unable to run (iptables returning != 1): 5 - /var/ossec/active-response/bin/firewall-drop.sh delete - 62.224.71.122 1250877590.230855 30114
Fri Aug 21 22:10:35 MSD 2009 Unable to run (iptables returning != 1): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - 62.224.71.122 1250877590.230855 30114
Fri Aug 21 22:49:27 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 134.76.63.1 1250880567.313454 30114
Fri Aug 21 22:49:27 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 134.76.63.1 1250880567.313454 30114
Fri Aug 21 22:50:45 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 87.156.81.225 1250880645.343349 31151
Fri Aug 21 22:50:45 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 87.156.81.225 1250880645.343349 31151
Fri Aug 21 22:50:49 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 88.152.207.166 1250880649.345486 30114
Fri Aug 21 22:50:49 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 88.152.207.166 1250880649.345486 30114
Fri Aug 21 22:54:39 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 92.72.83.250 1250880879.412651 30114
Fri Aug 21 22:54:39 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 92.72.83.250 1250880879.412651 30114
Fri Aug 21 22:56:02 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 92.76.135.220 1250880961.434517 30114
Fri Aug 21 22:56:02 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 92.76.135.220 1250880961.434517 30114
Fri Aug 21 23:00:32 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 134.76.63.1 1250880567.313454 30114
Fri Aug 21 23:00:32 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 134.76.63.1 1250880567.313454 30114
Fri Aug 21 23:00:32 MSD 2009 Unable to run (iptables returning != 1): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - 134.76.63.1 1250880567.313454 30114
Fri Aug 21 23:00:33 MSD 2009 Unable to run (iptables returning != 1): 2 - /var/ossec/active-response/bin/firewall-drop.sh delete - 134.76.63.1 1250880567.313454 30114
Fri Aug 21 23:00:35 MSD 2009 Unable to run (iptables returning != 1): 3 - /var/ossec/active-response/bin/firewall-drop.sh delete - 134.76.63.1 1250880567.313454 30114
Fri Aug 21 23:00:38 MSD 2009 Unable to run (iptables returning != 1): 4 - /var/ossec/active-response/bin/firewall-drop.sh delete - 134.76.63.1 1250880567.313454 30114
Fri Aug 21 23:00:42 MSD 2009 Unable to run (iptables returning != 1): 5 - /var/ossec/active-response/bin/firewall-drop.sh delete - 134.76.63.1 1250880567.313454 30114
Fri Aug 21 23:00:47 MSD 2009 Unable to run (iptables returning != 1): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - 134.76.63.1 1250880567.313454 30114
Fri Aug 21 23:02:02 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 88.152.207.166 1250880649.345486 30114
Fri Aug 21 23:02:03 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 88.152.207.166 1250880649.345486 30114
Fri Aug 21 23:02:03 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 87.156.81.225 1250880645.343349 31151
Fri Aug 21 23:02:03 MSD 2009 Unable to run (iptables returning != 1): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.156.81.225 1250880645.343349 31151
Fri Aug 21 23:02:03 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 87.156.81.225 1250880645.343349 31151
Fri Aug 21 23:02:04 MSD 2009 Unable to run (iptables returning != 1): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - 88.152.207.166 1250880649.345486 30114
Fri Aug 21 23:02:04 MSD 2009 Unable to run (iptables returning != 1): 2 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.156.81.225 1250880645.343349 31151
Fri Aug 21 23:02:05 MSD 2009 Unable to run (iptables returning != 1): 2 - /var/ossec/active-response/bin/firewall-drop.sh delete - 88.152.207.166 1250880649.345486 30114
Fri Aug 21 23:02:06 MSD 2009 Unable to run (iptables returning != 1): 3 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.156.81.225 1250880645.343349 31151
Fri Aug 21 23:02:07 MSD 2009 Unable to run (iptables returning != 1): 3 - /var/ossec/active-response/bin/firewall-drop.sh delete - 88.152.207.166 1250880649.345486 30114
Fri Aug 21 23:02:10 MSD 2009 Unable to run (iptables returning != 1): 4 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.156.81.225 1250880645.343349 31151
Fri Aug 21 23:02:10 MSD 2009 Unable to run (iptables returning != 1): 4 - /var/ossec/active-response/bin/firewall-drop.sh delete - 88.152.207.166 1250880649.345486 30114
Fri Aug 21 23:02:14 MSD 2009 Unable to run (iptables returning != 1): 5 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.156.81.225 1250880645.343349 31151
Fri Aug 21 23:02:14 MSD 2009 Unable to run (iptables returning != 1): 5 - /var/ossec/active-response/bin/firewall-drop.sh delete - 88.152.207.166 1250880649.345486 30114
Fri Aug 21 23:02:19 MSD 2009 Unable to run (iptables returning != 1): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.156.81.225 1250880645.343349 31151
Fri Aug 21 23:02:19 MSD 2009 Unable to run (iptables returning != 1): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - 88.152.207.166 1250880649.345486 30114
Fri Aug 21 23:02:24 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 87.155.100.95 1250881344.515504 30114
Fri Aug 21 23:02:24 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 87.155.100.95 1250881344.515504 30114
Fri Aug 21 23:03:14 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 87.175.150.61 1250881394.548976 30114
Fri Aug 21 23:03:14 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 87.175.150.61 1250881394.548976 30114
Fri Aug 21 23:04:10 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 84.129.82.108 1250881450.565618 30114
Fri Aug 21 23:04:10 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 84.129.82.108 1250881450.565618 30114
Fri Aug 21 23:05:40 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 92.72.83.250 1250880879.412651 30114
Fri Aug 21 23:05:40 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 92.72.83.250 1250880879.412651 30114
Fri Aug 21 23:05:40 MSD 2009 Unable to run (iptables returning != 1): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.72.83.250 1250880879.412651 30114
Fri Aug 21 23:05:41 MSD 2009 Unable to run (iptables returning != 1): 2 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.72.83.250 1250880879.412651 30114
Fri Aug 21 23:05:43 MSD 2009 Unable to run (iptables returning != 1): 3 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.72.83.250 1250880879.412651 30114
Fri Aug 21 23:05:46 MSD 2009 Unable to run (iptables returning != 1): 4 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.72.83.250 1250880879.412651 30114
Fri Aug 21 23:05:50 MSD 2009 Unable to run (iptables returning != 1): 5 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.72.83.250 1250880879.412651 30114
Fri Aug 21 23:05:55 MSD 2009 Unable to run (iptables returning != 1): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.72.83.250 1250880879.412651 30114
Fri Aug 21 23:07:10 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 92.76.135.220 1250880961.434517 30114
Fri Aug 21 23:07:10 MSD 2009 Unable to run (iptables returning != 1): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.76.135.220 1250880961.434517 30114
Fri Aug 21 23:07:10 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 92.76.135.220 1250880961.434517 30114
Fri Aug 21 23:07:11 MSD 2009 Unable to run (iptables returning != 1): 2 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.76.135.220 1250880961.434517 30114
Fri Aug 21 23:07:13 MSD 2009 Unable to run (iptables returning != 1): 3 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.76.135.220 1250880961.434517 30114
Fri Aug 21 23:07:16 MSD 2009 Unable to run (iptables returning != 1): 4 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.76.135.220 1250880961.434517 30114
Fri Aug 21 23:07:20 MSD 2009 Unable to run (iptables returning != 1): 5 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.76.135.220 1250880961.434517 30114
Fri Aug 21 23:07:25 MSD 2009 Unable to run (iptables returning != 1): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - 92.76.135.220 1250880961.434517 30114
Fri Aug 21 23:11:34 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 84.61.226.61 1250881894.612576 30114
Fri Aug 21 23:11:34 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 84.61.226.61 1250881894.612576 30114
Fri Aug 21 23:12:48 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 87.155.100.95 1250881344.515504 30114
Fri Aug 21 23:12:48 MSD 2009 Unable to run (iptables returning != 1): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.155.100.95 1250881344.515504 30114
Fri Aug 21 23:12:48 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 84.137.71.15 1250881968.629365 30114
Fri Aug 21 23:12:48 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 87.155.100.95 1250881344.515504 30114
Fri Aug 21 23:12:48 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 84.137.71.15 1250881968.629365 30114
Fri Aug 21 23:12:49 MSD 2009 Unable to run (iptables returning != 1): 2 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.155.100.95 1250881344.515504 30114
Fri Aug 21 23:12:51 MSD 2009 Unable to run (iptables returning != 1): 3 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.155.100.95 1250881344.515504 30114
Fri Aug 21 23:12:54 MSD 2009 Unable to run (iptables returning != 1): 4 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.155.100.95 1250881344.515504 30114
Fri Aug 21 23:12:58 MSD 2009 Unable to run (iptables returning != 1): 5 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.155.100.95 1250881344.515504 30114
Fri Aug 21 23:13:03 MSD 2009 Unable to run (iptables returning != 1): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.155.100.95 1250881344.515504 30114
Fri Aug 21 23:14:18 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 84.129.82.108 1250881450.565618 30114
Fri Aug 21 23:14:18 MSD 2009 Unable to run (iptables returning != 1): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - 84.129.82.108 1250881450.565618 30114
Fri Aug 21 23:14:18 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 87.175.150.61 1250881394.548976 30114
Fri Aug 21 23:14:18 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 84.129.82.108 1250881450.565618 30114
Fri Aug 21 23:14:18 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 87.175.150.61 1250881394.548976 30114
Fri Aug 21 23:14:18 MSD 2009 Unable to run (iptables returning != 1): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.175.150.61 1250881394.548976 30114
Fri Aug 21 23:14:19 MSD 2009 Unable to run (iptables returning != 1): 2 - /var/ossec/active-response/bin/firewall-drop.sh delete - 84.129.82.108 1250881450.565618 30114
Fri Aug 21 23:14:19 MSD 2009 Unable to run (iptables returning != 1): 2 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.175.150.61 1250881394.548976 30114
Fri Aug 21 23:14:21 MSD 2009 Unable to run (iptables returning != 1): 3 - /var/ossec/active-response/bin/firewall-drop.sh delete - 84.129.82.108 1250881450.565618 30114
Fri Aug 21 23:14:21 MSD 2009 Unable to run (iptables returning != 1): 3 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.175.150.61 1250881394.548976 30114
Fri Aug 21 23:14:24 MSD 2009 Unable to run (iptables returning != 1): 4 - /var/ossec/active-response/bin/firewall-drop.sh delete - 84.129.82.108 1250881450.565618 30114
Fri Aug 21 23:14:24 MSD 2009 Unable to run (iptables returning != 1): 4 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.175.150.61 1250881394.548976 30114
Fri Aug 21 23:14:28 MSD 2009 Unable to run (iptables returning != 1): 5 - /var/ossec/active-response/bin/firewall-drop.sh delete - 84.129.82.108 1250881450.565618 30114
Fri Aug 21 23:14:29 MSD 2009 Unable to run (iptables returning != 1): 5 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.175.150.61 1250881394.548976 30114
Fri Aug 21 23:14:33 MSD 2009 Unable to run (iptables returning != 1): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - 84.129.82.108 1250881450.565618 30114
Fri Aug 21 23:14:34 MSD 2009 Unable to run (iptables returning != 1): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - 87.175.150.61 1250881394.548976 30114
Fri Aug 21 23:14:40 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 88.65.64.44 1250882080.672027 30114
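
An added example, not part of the original posts: one way to read a log like the excerpt above is to pair each `add` with its `delete` per source IP and alert id, and to flag blocks whose removal was retried with "Unable to run". The line layout is inferred from the excerpt; the sample lines are constructed with documentation IP addresses, and `summarize` is a hypothetical helper name.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the excerpt above; the IPs are documentation addresses.
SAMPLE_LOG = """\
Fri Aug 21 21:43:16 MSD 2009 /var/ossec/active-response/bin/host-deny.sh add - 192.0.2.10 1250876596.20350 30114
Fri Aug 21 21:43:16 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 192.0.2.10 1250876596.20350 30114
Fri Aug 21 21:53:27 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 192.0.2.10 1250876596.20350 30114
Fri Aug 21 21:53:27 MSD 2009 /var/ossec/active-response/bin/host-deny.sh delete - 192.0.2.10 1250876596.20350 30114
Fri Aug 21 22:49:27 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 198.51.100.7 1250880567.313454 30114
Fri Aug 21 23:00:32 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh delete - 198.51.100.7 1250880567.313454 30114
Fri Aug 21 23:00:32 MSD 2009 Unable to run (iptables returning != 1): 1 - /var/ossec/active-response/bin/firewall-drop.sh delete - 198.51.100.7 1250880567.313454 30114
Fri Aug 21 23:00:47 MSD 2009 Unable to run (iptables returning != 1): 6 - /var/ossec/active-response/bin/firewall-drop.sh delete - 198.51.100.7 1250880567.313454 30114
Fri Aug 21 23:14:40 MSD 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 203.0.113.44 1250882080.672027 31151
"""

LINE_RE = re.compile(
    r"^\w{3} (?P<mon>\w{3}) +(?P<day>\d+) (?P<time>[\d:]{8}) \S+ (?P<year>\d{4}) "
    r"(?:Unable to run \(iptables returning != \d+\): (?P<attempt>\d+) - )?"
    r"\S*/(?P<script>[\w-]+\.sh) (?P<action>add|delete) \S+ "
    r"(?P<ip>[0-9a-fA-F.:]+) (?P<alert>[\d.]+) (?P<rule>\d+)$")

def summarize(log_text):
    """Group entries by (source IP, alert id) and report each block's lifecycle."""
    blocks = defaultdict(lambda: {"rule": None, "added": None, "removed": None,
                                  "retries": 0, "failed": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in a layout we do not recognise
        # The timezone token (MSD) is dropped; all entries come from the same host clock.
        when = datetime.strptime("{mon} {day} {time} {year}".format(**m.groupdict()),
                                 "%b %d %H:%M:%S %Y")
        b = blocks[(m["ip"], m["alert"])]
        b["rule"] = m["rule"]
        if m["attempt"]:  # retry counter logged when the script's command did not succeed
            b["retries"] = max(b["retries"], int(m["attempt"]))
            b["failed"] = m["action"]
        elif m["action"] == "add":
            b["added"] = b["added"] or when
        else:
            b["removed"] = when
    report = {}
    for key, b in blocks.items():
        state = b["failed"] + "-failed" if b["failed"] else ("expired" if b["removed"] else "active")
        held = (int((b["removed"] - b["added"]).total_seconds())
                if state == "expired" and b["added"] else None)
        report[key] = {"rule": b["rule"], "state": state,
                       "held_seconds": held, "retries": b["retries"]}
    return report

if __name__ == "__main__":
    for key, info in summarize(SAMPLE_LOG).items():
        print(key, info)
```

Entries reported as `delete-failed` are the ones to compare by hand against the live firewall rules and `/etc/hosts.deny`.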

Re: Rule: 30114 fired (level 10) -> "Multiple attempts to access non-existent files (web scan) from same source."

Post by Joe User »

Throw that stupid OSSEC away and secure your box and the apps properly...

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.