Thank you Lisa!

It's Drupal 7 and is up to date.

On 2014-12-02 19:18, Lisa Kachold wrote:
> Keith:
>
> These are not due to hackers; although if you are running an older
> version of Drupal or a heavily customized code base, it's a good bet
> you are targeted.  All phishing, most database encroachment tools
> and certainly all rogue security scanners include the option to spoof
> source addresses. Asia is a commonly used spoofed locale.  Don't rely
> on locking out one of these scripts, rather than fix your security
> issues or upgrade your CMS.
>
> The 403 errors are due to CCK module or configuration for caching (or
> can be caused by a hosting provider using mod_security):
> https://www.drupal.org/node/110219 [3]

/node/add either does not exist or a guest does not have permission to
access. Would not a 403 error be in order? I'm thinking just by the
nature of someone trying to access /node/add means they are up to no
good. It seems counterintuitive to tone down the mod_security settings.
I don't care about the 403 entries in the logs. I just want to
understand what is taking place.

> Your httprl_async_function_callback error is a caching configuration
> issue in Drupal; not in and of itself a hacking attempt:
> https://www.drupal.org/node/2079561 [4]

I have seen https://www.drupal.org/node/2079561, however I think it may
require a little more attention - thanks!

> On Tue, Dec 2, 2014 at 1:58 PM, Keith Smith wrote:
>
>> Hi,
>>
>> Last night the LAMP server that serves our Drupal install
>> crashed.  It had too many available processes and ran out of
>> memory.  Reduced the number of available Apache processes and
>> everything settled down.  Early this morning the server crashed
>> again from what looked like a hack attempt. Data center directed the
>> offending IP to NULL?? Problem solved.  Server is behaving.
>>
>> In looking at the log files I find two things that I need help
>> understanding.  Please understand I am not a Drupal developer - I
>> am just responsible for it....
>>
>> I'm seeing a bunch of 403 errors for trying to access /node/add -
>> is this a new exploit?  What is this?
>>
>> Also I am seeing lines that contain the following:
>>
>> xx.xx.xx.xx - - [02/Dec/2014:02:40:32 -0800] "POST /httprl_async_function_callback?count=2 HTTP/1.0" 200 486 "-" "Drupal (+http://drupal.org/ [1])"
>> xx.xx.xx.xx - - [02/Dec/2014:02:40:32 -0800] "POST /httprl_async_function_callback?count=1 HTTP/1.0" 200 502 "-" "Drupal (+http://drupal.org/ [1])"
>> xx.xx.xx.xx - - [02/Dec/2014:02:40:32 -0800] "POST /httprl_async_function_callback?count=1 HTTP/1.0" 200 502 "-" "Drupal (+http://drupal.org/ [1])"
>> xx.xx.xx.xx - - [02/Dec/2014:02:40:32 -0800] "POST /httprl_async_function_callback?count=1 HTTP/1.0" 200 502 "-" "Drupal (+http://drupal.org/ [1])"
>> xx.xx.xx.xx - - [02/Dec/2014:02:40:32 -0800] "POST /httprl_async_function_callback?count=1 HTTP/1.0" 200 502 "-" "Drupal (+http://drupal.org/ [1])"
>> xx.xx.xx.xx - - [02/Dec/2014:02:40:32 -0800] "POST /httprl_async_function_callback?count=2 HTTP/1.0" 200 486 "-" "Drupal (+http://drupal.org/ [1])"
>>
>> Any idea what this is?
>>
>> Thank you so much for your help!!
>>
>> --
>> Keith Smith
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2]
>
> Links:
> ------
> [1] http://drupal.org/
> [2] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> [3] https://www.drupal.org/node/110219
> [4] https://www.drupal.org/node/2079561

--
Keith Smith
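
Added example, not part of the original thread: a small triage script that tallies, per client address, the two kinds of access-log entries discussed above (403 responses on /node/add and POSTs to /httprl_async_function_callback) and reports the busiest client-second. The sample lines are constructed with documentation addresses, and `expected_callers` is a hypothetical parameter for the addresses you expect callbacks to come from.

```python
import re
from collections import Counter

# Apache "combined" log format, as in the lines quoted in the thread.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"')

# Constructed sample lines using documentation addresses (not data from the thread).
SAMPLE_LOG = '''\
192.0.2.10 - - [02/Dec/2014:02:40:32 -0800] "POST /httprl_async_function_callback?count=2 HTTP/1.0" 200 486 "-" "Drupal (+http://drupal.org/)"
192.0.2.10 - - [02/Dec/2014:02:40:32 -0800] "POST /httprl_async_function_callback?count=1 HTTP/1.0" 200 502 "-" "Drupal (+http://drupal.org/)"
192.0.2.10 - - [02/Dec/2014:02:40:32 -0800] "POST /httprl_async_function_callback?count=1 HTTP/1.0" 200 502 "-" "Drupal (+http://drupal.org/)"
203.0.113.7 - - [02/Dec/2014:02:41:05 -0800] "GET /node/add HTTP/1.1" 403 312 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Dec/2014:02:41:06 -0800] "GET /node/add HTTP/1.1" 403 312 "-" "Mozilla/5.0"
198.51.100.4 - - [02/Dec/2014:02:41:07 -0800] "GET /node/add/page HTTP/1.1" 403 312 "-" "Mozilla/5.0"
198.51.100.4 - - [02/Dec/2014:02:41:08 -0800] "GET /node/1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''

def triage(log_text, expected_callers=()):
    """Summarise, per client, the two kinds of entries discussed in the thread."""
    denied, callbacks, per_second = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        per_second[(ip, m["ts"])] += 1  # log timestamps have one-second resolution
        if m["status"] == "403" and (path == "/node/add" or path.startswith("/node/add/")):
            denied[ip] += 1
        elif m["method"] == "POST" and path == "/httprl_async_function_callback":
            callbacks[ip] += 1
    (peak_ip, peak_ts), peak_hits = (
        per_second.most_common(1)[0] if per_second else ((None, None), 0))
    return {
        "node_add_403": dict(denied),
        "httprl_callbacks": dict(callbacks),
        # callback clients outside the (assumed) list of expected addresses
        "unexpected_callback_clients": sorted(
            ip for ip in callbacks if ip not in expected_callers),
        "busiest": (peak_ip, peak_ts, peak_hits),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, expected_callers={"192.0.2.10"}))
```

To run it against a real log, pass the file contents as `log_text`; lines that do not match the combined format are skipped.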