Security Basics mailing list archives

Re: Strange Web Server Log Entries


From: "0x90" <secbasics () spam gagspace com>
Date: Fri, 7 Dec 2007 09:17:54 +0100



Just people/bots looking/crawling to find proxies for general/spamming use. As long as you're not an open proxy (which you're not), you shouldn't be worried. There is not much you can (or should) do about the log entries themselves. If you're feeling generous you can send an email to the owner/provider to bring to their attention that they might be compromised (probably a waste of time for 211.*, 222.* / Asian hosts in general, if you ask me :P) - often it will be ignored, at other times they'll say 'thanks, we didn't know'.

Regards,
0x90

----- Original Message ----- From: "Sean Malloy" <spinelli85 () gmail com>
To: <security-basics () securityfocus com>
Sent: Thursday, December 06, 2007 10:24 PM
Subject: Strange Web Server Log Entries


Dear List,

What do these entries in my Apache logs mean?

65.117.101.194 - - [20/Nov/2007:09:25:39 -0600] "GET http://www.microsoft.com/ HTTP/1.0" 200 2770
65.117.101.194 - - [20/Nov/2007:09:25:39 -0600] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 405 228
65.117.101.194 - - [20/Nov/2007:09:25:39 -0600] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 260

61.152.255.46 - - [08/Sep/2007:13:24:03 -0500] "GET http://www.intel.com/ HTTP/1.1" 200 2903
61.152.255.46 - - [08/Sep/2007:13:24:07 -0500] "CONNECT www.google.com:443 HTTP/1.0" 405 231

222.217.221.214 - - [27/Oct/2007:13:57:45 -0500] "GET http://www.intel.com/ HTTP/1.1" 200 2770

222.217.221.214 - - [28/Oct/2007:04:30:05 -0500] "GET http://www.intel.com/ HTTP/1.1" 200 2770

219.153.5.169 - - [28/Oct/2007:12:49:02 -0500] "GET http://www.intel.com/ HTTP/1.1" 200 2770

89.122.48.186 - - [21/Nov/2007:12:42:36 -0600] "HEAD http://www.sun.com/ HTTP/1.1" 200 0

I am especially confused about the first lines in each set. I interpret it as "client 65.117.101.194 successfully connected to my webserver and requested the page http://www.microsoft.com". It looks like someone is trying to bounce an attack off of my webserver. Should I be worried about these entries?

The server only serves static XHTML and CSS pages.
--
Sean Malloy
Home Page: www.catgrepsort.com
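
Added example, not part of either message: a short Python pass over Apache access-log lines that picks out the proxy-style requests discussed in this thread (a full URL in the request line, or the CONNECT method) and groups them by client. The names probe_kind and find_proxy_probes and the last sample line are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Apache Common Log Format: host ident user [time] "method target proto" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?:\d+|-)$'
)

# The first five lines come from the message above; the last is a constructed
# ordinary request (192.0.2.10 is a documentation address) for contrast.
SAMPLE_LOG = """\
65.117.101.194 - - [20/Nov/2007:09:25:39 -0600] "GET http://www.microsoft.com/ HTTP/1.0" 200 2770
65.117.101.194 - - [20/Nov/2007:09:25:39 -0600] "POST http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 405 228
65.117.101.194 - - [20/Nov/2007:09:25:39 -0600] "CONNECT http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 260
61.152.255.46 - - [08/Sep/2007:13:24:03 -0500] "GET http://www.intel.com/ HTTP/1.1" 200 2903
61.152.255.46 - - [08/Sep/2007:13:24:07 -0500] "CONNECT www.google.com:443 HTTP/1.0" 405 231
192.0.2.10 - - [20/Nov/2007:09:26:01 -0600] "GET /index.html HTTP/1.1" 200 2770
"""


def probe_kind(method, target):
    """Return why a request looks like a proxy probe, or None for ordinary traffic."""
    if method == "CONNECT":
        return "connect-tunnel"      # only meaningful to a forward proxy
    if not target.startswith("/") and target != "*":
        return "absolute-uri"        # full URL where a local path is expected
    return None


def find_proxy_probes(log_text):
    """Group proxy-style requests by client address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue
        kind = probe_kind(m["method"], m["target"])
        if kind:
            # A 2xx status only shows the server answered; the log line alone
            # does not show whether the body was local content or relayed.
            answered = m["status"].startswith("2")
            hits[m["host"]].append((kind, m["target"], int(m["status"]), answered))
    return dict(hits)


if __name__ == "__main__":
    for host, reqs in find_proxy_probes(SAMPLE_LOG).items():
        print(host, reqs)
```

For entries flagged as answered, comparing the logged response size with the size of the server's own default page is a quick way to confirm the reply was local content.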



