
[kubuntu] OSSEC "Common web attack"


http://ubuntuforums.org – I'm using OSSEC with the web UI, and the logs keep getting a message saying "Common web attack" with a level 6 severity. However, the source is localhost.

Code:
2012 Aug 26 19:14:27 Rule Id: 31104 level: 6
Location: kubuntu->/var/log/apache2/access.log
Src IP: 127.0.0.1
Common web attack.

Why is OSSEC under the impression that my computer is attacking itself? I looked at /var/log/apache2/access.log and it looks like this. That makes sense because I have Apache set to disallow all incoming data except that from 127.0.0.1 (I'm not running a web site so the rest is (Hardware)