Security Basics mailing list archives

Re: Strange Web Server Log Entries


From: Sean Malloy <spinelli85 () gmail com>
Date: Thu, 6 Dec 2007 21:38:20 -0600

On Thu, Dec 06, 2007 at 08:23:29PM -0500, Jason Muskat de VE3TSJ - GCFA, GCUX, CEI, CEH wrote:
> Hello,
>
> Logs are always interesting to review. It does look like the 1st HTTP
> GET request returned the page requested, and it did; however, your
> frame of context is incorrect. You should review your server's virtual
> hosting configuration. I'm sure you will have a default "*" (all)
> virtual host. The request for http://www.microsoft.com/ will serve
> your site's root page (/index.html).
>
> The other requests seem to be an attacker checking to see if your
> server is an open-proxy. The 400 series return (error) codes are a
> good sign that your server is not.
>
> Regards,
>
> --
> Jason Muskat de VE3TSJ | GCFA, GCUX, CEI, CEH
> ____________________________
> TechDude
> e. Jason () TechDude Ca
> m. 416 .414 .9934
>
> http://TechDude.Ca/

As far as I can tell, all lines in httpd.conf that refer to virtual hosting
are commented with a '#' symbol. I haven't ever done anything with virtual
hosts before. Thanks for the information.
-- 
Sean Malloy
Home Page: www.catgrepsort.com
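
Added example, not part of the original thread: a log check for the proxy-style requests discussed above (absolute-URI GET and CONNECT for a foreign host), separating the refused 4xx probes from 2xx answers that need a second look. The log lines are constructed, and the names classify, scan and www.example.org (standing in for the server's own host name) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Apache common/combined log prefix: host ident user [time] "request" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3})')

# Constructed sample lines (documentation IP ranges, not from the thread).
SAMPLE = [
    '192.0.2.10 - - [06/Dec/2007:10:00:01 -0600] "GET http://www.microsoft.com/ HTTP/1.1" 200 1456',
    '192.0.2.10 - - [06/Dec/2007:10:00:02 -0600] "CONNECT mail.example.net:25 HTTP/1.0" 405 312',
    '192.0.2.10 - - [06/Dec/2007:10:00:03 -0600] "GET http://probe.example.net/check.php HTTP/1.1" 404 290',
    '198.51.100.7 - - [06/Dec/2007:10:05:00 -0600] "GET /index.html HTTP/1.1" 200 1456',
]

def classify(line, local_hosts):
    """Return (client, target, verdict) for a proxy-style request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, request, status = m.groups()
    parts = request.split()
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0].lower()
    elif "://" in target:
        host = (urlsplit(target).hostname or "").lower()
    else:
        return None  # ordinary origin-form request such as "GET /index.html"
    if host in local_hosts:
        return None  # an absolute URI naming this server is valid HTTP/1.1
    code = int(status)
    if 400 <= code < 500:
        verdict = "refused"  # the 4xx answers described in the thread
    elif 200 <= code < 300:
        verdict = "review"   # own page from the default host, or real proxying
    else:
        verdict = "other"
    return client, target, verdict

def scan(lines, local_hosts):
    """Classify every line and keep only the proxy-style requests."""
    return [r for r in (classify(l, local_hosts) for l in lines) if r]

if __name__ == "__main__":
    for client, target, verdict in scan(SAMPLE, {"www.example.org"}):
        print(f"{verdict:8} {client:15} {target}")
```

For a "review" hit, compare the logged response size with the size of the site's own root page: a match means the default host answered locally, as described in the reply above.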