Security Incidents mailing list archives

Re: Strange entries in Apache access_log

From: //Stany <stany () NotBSD org>
Date: Sat, 1 Sep 2001 14:24:07 -0400 (EDT)

On Thu, 30 Aug 2001, Jose Nazario wrote:

On Thu, 30 Aug 2001, Bart Haezeleer wrote:

63.251.5.46 - - [30/Aug/2001:09:20:04 +0200] "GET
http://www.yahoo.com/index.html HTTP/1.1" 200 2890

some sort of screwup? the 200 return code is interesting ...


Looks like this was a search for web proxies.

Is this something to worry about?

not much. just a scanner.


I would be concerned  - not only they are using your bandwidth, they can
also use your system for "carding" something on the internet, and shift
the blame onto you.  Or use your system to bypass access restrictions.  Or
any of the miriad of other things.

Signed:
//Stany
-- 
+-------+ Stanislav N Vardomskiy - Procurator Odiosus Ex Infernis[TM] +-------+
| "Backups we have; it's restores that we find tricky." Richard Letts at ASR  |
| This message is powered by JOLT!  For all the sugar and twice the caffeine. |
+--------+ My words are my own.  LARTs are provided free of charge. +---------+


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re: Strange entries in Apache access_log Ryan Russell (Sep 01)
- Re: Strange entries in Apache access_log Sven Koch (Sep 02)
- Re: Strange entries in Apache access_log Ben Ford (Sep 02)
- <Possible follow-ups>
- Re: Strange entries in Apache access_log Jose Nazario (Sep 01)
  - Re: Strange entries in Apache access_log //Stany (Sep 02)