Mobileread
Access Log
#1  ZyloxDragon 10-09-2019, 04:50 PM
Hello all, I'm somewhat new to Calibre server. I have it setup currently running through noIP to make it so I can access my collection when I'm out on my work runs. I have a few questions on what some lines are indicating in my Access Log. I would assume that they are portscans, but I'm sure others here have a more in depth knowledge of what they are.

I currently have my firewall setup to block a few countries that I was constantly getting hits from.

87.10.175.94 port-56891 - 09/Oct/2019:03:47:31 -0500 "GET / HTTP/1.0" 200 1893838
60.51.26.230 port-39709 - 09/Oct/2019:03:51:21 -0500 "POST /editBlackAndWhiteList HTTP/1.1" 404 123
85.14.245.156 port-62631 - 09/Oct/2019:14:18:07 -0500 "

Is there a document for the logs of what these indicate that someone can point me to? Generally it seems as though my log stops generating any new lines once I receive that box looking ascii character at the end. I end up having to clear the log so it can begin again.
Reply 

#2  kovidgoyal 10-09-2019, 09:34 PM
No idea what that box character is, presumably somebody trying to crash the server with invalid encoded HTTP requests. The other two lines are just HTTP requests, GETand POST, the second one definitely being a portscan.
Reply 

#3  ZyloxDragon 10-09-2019, 11:31 PM
I saw more after the box character when I opened the log directly thru notepad. It was:

/*à Cookie: mstshash=Administr" 400 148

I'm guessing that particular box character just ends up makes it non-readable from within the application itself? The rest of the line I was able to find on the web as relating to someone trying to RDP into the system.

Thank you for details on the other 2 lines. It's mainly just the GET requests that I have.
Reply 

#4  kovidgoyal 10-10-2019, 01:51 PM
Yeah another portscan, the calibre server simply returned the HTPP 400 bad request error for it.
Reply 

Today's Posts | Search this Thread | Login | Register