GET /proxy-test.php

[Joe Blatz <sd_wireless () yahoo com>]

I spent 18 hours yesterday (including flight time)
cleaning up the mess made by some hacker in the
Netherlands. He was using an unpatched IIS server for
his own ends. (yes, i know this couldn't have happened
without poor administration, but i am not the admin so
please don't yell at me)

As you might expect, I am keeping a very close watch
on this box, and the network on which it resides.
While looking at the IIS logs I saw an odd entry and
was wondering if anyone here has seen anything
similar. I've searched Google and was unable to find
anything that looked related.

2002-05-26 12:13:14 212.244.x.x - x.x.x.x 80 GET
/proxy-test.php - 404 Mozilla/3.01+(PZ)

This could simply be a case of a mis-typed IP address
in a browser, but I would like to know if anyone is
aware of a legitimate program or a hack that would
have "proxy-test.php" residing on a webserver.

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com