Re: strange http get requests in apache access logs

[rowland onobrauche <rowland.onobrauche () legendplc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Aubs wrote:

> Care to share with all? on the list - After all you did ask for
> help :)
>
> On 13/10/06, *rowland onobrauche* <
> rowland.onobrauche () legendplc com
> <mailto:rowland.onobrauche () legendplc com>> wrote:

> Digital Ebola wrote:
>
> > On 10/13/06, rowland onobrauche <rowland.onobrauche () legendplc com
> <mailto:rowland.onobrauche () legendplc com>>
> > wrote:
>
>
> > Hi all.
>
> > Im getting logs such as
>
> > "GET
> > http://www.escorts-etc.com/cgi-bin/ftop100/rankem.cgi?id=gagvault
> > HTTP/1.0" 200 147 " http://www.gagvault.com/linkspage.html";
> > "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
>
> > In some of my httpd access logs, even though this type of site is
> > not existant on the server. Anyone seen this before??
>
> > >
> -
> ------------------------------------------------------------------------------
> This List Sponsored by: Black Hat
> > >
> Attend the Black Hat Briefings & Training USA, July 29-August 3 in
> Las Vegas. World renowned security experts reveal tomorrow's
> threats today. Free of vendor pitches, the Briefings are designed
> to be pragmatic regardless of your security environment. Featuring
> 36 hands-on training courses and 10 conference tracks, networking
> opportunities with over 2,500 delegates from 40+ nations.
> > >
> http://www.blackhat.com -
> ------------------------------------------------------------------------------
>
> > >
>
> > Are you running any type of proxy configuration?
>
>
>
>
>
> No proxy, but someone has explained what the problem is.
>
> thanks very much to all

-
------------------------------------------------------------------------------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las
Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless
of your
security environment. Featuring 36 hands-on training courses and 10
conference
tracks, networking opportunities with over 2,500 delegates from 40+
nations.

http://www.blackhat.com
-
----------------------------------------------------------------------------





Thanks to all for the help.

I have since found that it was someone scanning for an open proxy.


regards

rowlando
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFFM2NUn71Wg8vs0SURAn95AKDo4PyrFnUvS/lCXiadQqMia2l1KQCgjfmI
8R2RU5QFoqTVEgKVqeXwqJY=
=V9F/
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas. 
World renowned security experts reveal tomorrow's threats today. Free of 
vendor pitches, the Briefings are designed to be pragmatic regardless of your 
security environment. Featuring 36 hands-on training courses and 10 conference 
tracks, networking opportunities with over 2,500 delegates from 40+ nations. 

http://www.blackhat.com
------------------------------------------------------------------------------