Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: "dos-xxx.xxx.xxx.xxx" file being written to \temp |
|
| Author |
|
AlanH
Joined: 05 Aug 2018
Posts: 6
|
 Posted: Wed 05 Sep '18 3:40 Post subject: "dos-xxx.xxx.xxx.xxx" file being written to \temp |
 |
|
Running Apache 2.4 on Windows 2016, have mod security with crs enabled. I noticed a file named "dos-" followed by my own ip address with current date/time. The contents of that file are:
| Code: | Tue Sep 04 21:15:15 2018
PID: 5672
blacklisting address xxx.xxx.xxx.xxx: possible DoS attack.
|
I was accessing the server via a web browser (and had some php bugs to correct). I suspect something flagged my PHP issues as potentially malicious.
Does anyone know what program / module writes that file? I don't see any entry in Apache "errors", "access" and "modsec_audit" log files. I'd really like to know what parameters it uses to create this file and other actions it might take. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Wed 05 Sep '18 4:28 Post subject: |
|
|
| I know mod_evasive will write those |
|
| Back to top |
|
AlanH
Joined: 05 Aug 2018
Posts: 6
|
| Posted: Wed 05 Sep '18 14:14 Post subject: mod_evasive ! |
|
|
| glsmith wrote: | | I know mod_evasive will write those |
Thanks, that was it. I had DOSPageCount set too low, and DOSLogDir wasn't specified at all, that's why the DOS-xxx.xxx.xxx.xxx was being written to \temp. |
|
| Back to top |
|
|
|
|
|
|
