[BlueOnyx:13712] Re: Message Log

[Greg Kuhnert]

Hi Chuck.

On 19/09/2013, at 2:55 AM, Chuck Tetlow <chuck at tetlow.net> wrote:

> Those log entries show that someone at 195.195.131.183 was trying to connect to 192.168.250.240 on TCP port 80.  So they're trying to hit the webpage at the address 192.168.250.240, but were being blocked by the IPTables firewall software on your BX server. 
> 
> Does that source address mean anything to you?  What is on that destination IP address, and does that site have a webpage?  And probably the most important question - why would the IPTables software be configured to block someone hitting a webpage??  
> 
> I can't imagine DFix or one of the other automated security tools blocking webpage requests to TCP Port 80, but I don't know all those packages well - so it could be something automatic.  But on first guess - I'd suggest someone would have had to manually configure that block.  That then goes back to the last question - why would someone want to block access to a webpage/website?? 

Once DFix detects a bad guy, it will block and log all traffic from that source, including port 80. For example - it might detect on the SSH port, but it will then block ALL ip traffic for a period of time. (Including port 80).

Check mail in your root / admin account from cron to find out what dFix is blocking - that will help you understand why.

Greg.