Netgate Discussion Forum

    Lots of nginx errors in logs after upgrade

    Problems Installing or Upgrading pfSense Software
      kpa

      They haven't really thought through the value and practicality of that feature. Instead of helping to find any real threats it is going to cause more people to freak out because there's an unknown scanner probing at multiple hosts on the local network for seemingly random web pages just like a real malware would be.

        mudmanc4

        @kpa:

        They haven't really thought through the value and practicality of that feature. Instead of helping to find any real threats it is going to cause more people to freak out because there's an unknown scanner probing at multiple hosts on the local network for seemingly random web pages just like a real malware would be.

        I would like to know what exact version is being used which is probing ports and directories, if anyone can supply me with this info that would be great. I want to see this for myself. Before I find a gator.

        Here is a thought about such probing, considering what has been shown here as far as the locations scanned, any basic server admin would have preventative measures in place to prevent such activities, even if it's only fail2ban. Rendering the utility useless.

          TheNarc

          I'll check with my users, but I think they're running the latest release (and I'm sure this feature is in the latest release), which seems to be 11.2.2262.

            Mithrondil

            I have the same problem, and I have Win7, using Firefox 64-bit, and I have Avast antivirus installed.
            So what's the conclusion on this matter, if it's Avast antivirus that's doing the scanning, can it be considered normal or is a clean install of pfSense recommended?

            Also, is nginx a legit part of the pfSense install? Or how did this end up on my pfSense?

              kpa

              Everything so far says that it is in fact Avast that does the scanning. See if you can turn off the module/service in Avast that does the scanning. Yes, nginx is now the web server in pfSense that implements the webGUI and other related services. It used to be lighttpd in pfSense 2.2.* but was changed for 2.3.*.

                mudmanc4

                Interesting how this just started to be noticed in the logs. Or no one has bothered to look before now in this scenario.

                  TheNarc

                  I can confirm that you can disable this module in Avast - they call it Home Networking Security - and the log entries stop.  I wish I could provide detailed steps, but I don't run it myself and I was unable to easily find steps to do so.  I only know it's responsible because I had one of my users turn it off.  I'd bet it's fairly straightforward in the GUI though.

                    Mithrondil

                    By the way, is this nginx program written as open source?

                      JeGr LAYER 8 Moderator

                      @Mithrondil:

                      By the way, is this nginx program written as open source?

                      http://nginx.org/en/

                      Yes it is.

                        mudmanc4

                        @TheNarc:

                        I can confirm that you can disable this module in Avast - they call it Home Networking Security - and the log entries stop.  I wish I could provide detailed steps, but I don't run it myself and I was unable to easily find steps to do so.  I only know it's responsible because I had one of my users turn it off.  I'd bet it's fairly straightforward in the GUI though.

                        Sounds as if I'll be needing that crocodile.
                        Thanks for confirming.

                          cmb

                          @mudmanc4:

                          Interesting how this just started to be noticed in the logs. Or no one has bothered to look before now in this scenario.

                          Before 2.3, the 404 logs from the web GUI's web server went to /dev/null. So I'm sure it was happening for quite some time, people just didn't have the logs to notice until more recently.

                            mudmanc4

                            @cmb:

                            @mudmanc4:

                            Interesting how this just started to be noticed in the logs. Or no one has bothered to look before now in this scenario.

                            Before 2.3, the 404 logs from the web GUI's web server went to /dev/null. So I'm sure it was happening for quite some time, people just didn't have the logs to notice until more recently.

                            That would explain it now. Thanks CMB

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.