Security Basics mailing list archives
Re: Strange Web Server Log Entries
From: Allan Wind <allan_wind () lifeintegrity com>
Date: Thu, 6 Dec 2007 18:53:20 -0500
On 2007-12-06T15:24:24-0600, Sean Malloy wrote:
What do these entries in my Apache logs mean? 65.117.101.194 - - [20/Nov/2007:09:25:39 -0600] "GET http://www.microsoft.com/ HTTP/1.0" 200 2770
It means the client is using your web server as a proxy, and appears to be succeeding for GETs (but not connect and post). You would need to compare the output of said response with what you get from microsoft.com to confirm. For instance: telnet $host $port GET http://www.microsoft.com/ HTTP/1.0 Your favorite search engine will probably present you with tools to do this for you in a browser if you ask it nicely. A few problems with open proxies is that that client waste your resources, and if they attach a 3rd party then law enforcement would come and knock on your door rather than theirs (hopefully to start with). /Allan
Current thread:
- Strange Web Server Log Entries Sean Malloy (Dec 06)
- Re: Strange Web Server Log Entries Allan Wind (Dec 07)
- Message not available
- Re: Strange Web Server Log Entries Sean Malloy (Dec 07)
- Re: Strange Web Server Log Entries Jason Muskat de VE3TSJ - GCFA, GCUX, CEI, CEH (Dec 07)
- Re: Strange Web Server Log Entries Sean Malloy (Dec 07)
- Re: Strange Web Server Log Entries infolookup (Dec 07)
- Re: Strange Web Server Log Entries Sukbum Hong (Dec 07)
- Re: Strange Web Server Log Entries Sean Malloy (Dec 07)
- Re: Strange Web Server Log Entries Zapotek (Dec 07)
- Re: Strange Web Server Log Entries steve menard (Dec 07)
- Re: Strange Web Server Log Entries Zapotek (Dec 07)
- Re: Strange Web Server Log Entries steve menard (Dec 08)
- Re: Strange Web Server Log Entries steve menard (Dec 07)