OK. This is interesting. The logs above, with no IP, are from an 10.4.4 installation.
On an 11.5 installation the offending IP is shown:
Code: Select all
62.193.229.100 - - [11/Aug/2014:00:55:15 +0100] "POST /login_up.php3 HTTP/1.1" 200 5027 "-" "-" "-"'/login_up.php3' '' '/usr/local/psa/admin/htdocs'
62.193.229.100 - - [11/Aug/2014:00:55:15 +0100] "POST /login_up.php3 HTTP/1.1" 200 5027 "-" "-" "-"'/login_up.php3' '' '/usr/local/psa/admin/htdocs'
62.193.229.100 - - [11/Aug/2014:00:55:15 +0100] "POST /login_up.php3 HTTP/1.1" 200 5027 "-" "-" "-"'/login_up.php3' '' '/usr/local/psa/admin/htdocs'
62.193.229.100 - - [11/Aug/2014:00:55:15 +0100] "POST /login_up.php3 HTTP/1.1" 200 5027 "-" "-" "-"'/login_up.php3' '' '/usr/local/psa/admin/htdocs'
62.193.229.100 - - [11/Aug/2014:00:55:15 +0100] "POST /login_up.php3 HTTP/1.1" 200 5027 "-" "-" "-"'/login_up.php3' '' '/usr/local/psa/admin/htdocs'
62.193.229.100 - - [11/Aug/2014:00:55:15 +0100] "POST /login_up.php3 HTTP/1.1" 200 5027 "-" "-" "-"'/login_up.php3' '' '/usr/local/psa/admin/htdocs'
62.193.229.100 - - [11/Aug/2014:00:55:16 +0100] "POST /login_up.php3 HTTP/1.1" 200 5027 "-" "-" "-"'/login_up.php3' '' '/usr/local/psa/admin/htdocs'
62.193.229.100 - - [11/Aug/2014:00:55:16 +0100] "POST /login_up.php3 HTTP/1.1" 200 5027 "-" "-" "-"'/login_up.php3' '' '/usr/local/psa/admin/htdocs'
62.193.229.100 - - [11/Aug/2014:00:55:16 +0100] "POST /login_up.php3 HTTP/1.1" 200 5027 "-" "-" "-"'/login_up.php3' '' '/usr/local/psa/admin/htdocs'
62.193.229.100 - - [11/Aug/2014:00:55:16 +0100] "POST /login_up.php3 HTTP/1.1" 200 5027 "-" "-" "-"'/login_up.php3' '' '/usr/local/psa/admin/htdocs'
(I checked, and this IP was connecting to all our Plesk installations on all IPs, all at the same time. I've blocked it via our edge firewall)
Can someone with a Plesk 10.4.4 installation please check to see if IPs are being logged in your
/usr/local/psa/admin/logs/httpsd_access_log
These Plesk installations are running under Virtuozzo. I'm just wondering if 10.4.4 may act differently under Virtuozzo compared to normal, while 11.5 is happy and still logs IPs?
*** I note, however, that ASL didn't take any action even on the 11.5 installation where the IPs were logged.
Is there something special that needs to be enabled?