Security Incidents mailing list archives
Re: Unusual entry in Apache logs
From: Rob Thomas <robt () cymru com>
Date: Fri, 30 May 2008 13:59:35 -0500
Hi, Neil.
125.224.192.192 - - [29/May/2008:09:15:34 -0500] "\x05\x01" 501 3100 "-" "-"
This IP has been sending spam since at least 2008-04-24 15:34:38 UTC. It's also been scanning for the typical proxy ports lately (most recently 2008-05-29 02:34:16 UTC), e.g. TCP 8080, TCP 3128, TCP 1080, and TCP 80. I suspect this is what it was doing when it visited your server. Possibly it's a bot.
Thanks, Rob. -- Rob Thomas Team Cymru The WHO and WHY team http://www.team-cymru.org/
Current thread:
- Unusual entry in Apache logs Neil Dickey (May 29)
- Re: Unusual entry in Apache logs Jonathan Adams (May 30)
- Re: Unusual entry in Apache logs Jonathan Adams (May 30)
- Re: Unusual entry in Apache logs Kosala Atapattu (May 30)
- Re: Unusual entry in Apache logs Rob Thomas (May 30)
- Re: Unusual entry in Apache logs Kevin Day (May 30)
- <Possible follow-ups>
- Re: Unusual entry in Apache logs krymson (May 30)
- Re: Unusual entry in Apache logs Neil Dickey (May 30)
- Re: Unusual entry in Apache logs Jonathan Adams (May 30)