Security Incidents mailing list archives
Re: strange http get requests in apache access logs
From: rowland onobrauche <rowland.onobrauche () legendplc com>
Date: Tue, 17 Oct 2006 11:25:12 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 aldiones wrote:
Could you please share how you prevented this from happening in your server? It would be greatly appreciated. Thanks! On 10/16/06, *rowland onobrauche * <rowland.onobrauche () legendplc com <mailto:rowland.onobrauche () legendplc com>> wrote:
Aubs wrote:Care to share with all? on the list - After all you did ask for help :)On 13/10/06, *rowland onobrauche* < rowland.onobrauche () legendplc com<mailto:rowland.onobrauche () legendplc com><mailto:rowland.onobrauche () legendplc com<mailto:rowland.onobrauche () legendplc com>>> wrote:Digital Ebola wrote:On 10/13/06, rowland onobrauche <rowland.onobrauche () legendplc com<mailto:rowland.onobrauche () legendplc com><mailto: rowland.onobrauche () legendplc com<mailto:rowland.onobrauche () legendplc com>>>wrote:Hi all.Im getting logs such as"GET http://www.escorts-etc.com/cgi-bin/ftop100/rankem.cgi?id=gagvault HTTP/1.0" 200 147 " http://www.gagvault.com/linkspage.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"In some of my httpd access logs, even though this type of site is not existant on the server. Anyone seen this before??-------------------------------------------------------------------------------This List Sponsored by: Black HatAttend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations.http://www.blackhat.com -------------------------------------------------------------------------------Are you running any type of proxy configuration?No proxy, but someone has explained what the problem is.thanks very much to all- ------------------------------------------------------------------------------ This List Sponsored by: Black Hat Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. http://www.blackhat.com - ---------------------------------------------------------------------------- Thanks to all for the help. I have since found that it was someone scanning for an open proxy. regards rowlando
- ------------------------------------------------------------------------------ This List Sponsored by: Black Hat Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. http://www.blackhat.com - ------------------------------------------------------------------------------
-- Good design adds value faster than it adds cost.
All i could do was block the ip from the whole network and installed mod_security on this particular server. rowlando -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFFNK+Hn71Wg8vs0SURAqVwAJ9idgF6L8KBSnIBjtYuaZ0geZmVkQCgoe7N jObgBm3CqkASSUBvRj3tkFY= =Vp2w -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ This List Sponsored by: Black Hat Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. http://www.blackhat.com ------------------------------------------------------------------------------
Current thread:
- strange http get requests in apache access logs rowland onobrauche (Oct 13)
- Re: strange http get requests in apache access logs Rainer Duffner (Oct 13)
- Message not available
- Re: strange http get requests in apache access logs rowland onobrauche (Oct 13)
- Re: strange http get requests in apache access logs George Cossins (Oct 13)
- Message not available
- Re: strange http get requests in apache access logs rowland onobrauche (Oct 16)
- Message not available
- Re: strange http get requests in apache access logs rowland onobrauche (Oct 17)
- RE: strange http get requests in apache access logs Henry Troup (Oct 17)
- RE: strange http get requests in apache access logs Christine Kronberg (Oct 17)
- Re: strange http get requests in apache access logs rowland onobrauche (Oct 13)
- <Possible follow-ups>
- RE: strange http get requests in apache access logs Hagen, Eric (Oct 13)