Apache doesn"t log failed SSL negotiation IPs

Apache doesn"t log failed SSL negotiation IPs

am 02.02.2010 11:05:19 von Mike Cardwell

My server has somehow found its self on the end of some strange
behaviour originating from the Pushdo botnet as described here:

http://www.shadowserver.org/wiki/pmwiki.php/Calendar/2010012 9

The infected hosts basically connect to the HTTPS port, send some
garbage and then disconnect without the SSL negotiation even being
completed. My error log is full of stuff like this:

[Mon Feb 01 18:19:37 2010] [error] unusably short session_id provided (1
bytes)

Apache doesn't seem to log the IP address when this happens ... Is there
any way of making it log that information somewhere?

--
Mike Cardwell : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/
Spamalyser : Spam Tool - http://spamalyser.com/

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org