
weird http probes


I noticed the following just now in my apache logs:

- - [28/Jun/2004:20:11:46 +0200] "GET / HTTP/1.0" 200 6137 "-" "-"
- - [28/Jun/2004:20:12:00 +0200] "GET /index.php HTTP/1.0" 404 269 "-" "-"
- - [28/Jun/2004:20:12:00 +0200] "GET /main.php HTTP/1.0" 404 268 "-" "-"
- - [28/Jun/2004:20:12:00 +0200] "GET /test.php HTTP/1.0" 404 268 "-" "-"
- - [28/Jun/2004:20:12:01 +0200] "GET /index.php3 HTTP/1.0" 404 270 "-" "-"
- - [28/Jun/2004:20:12:01 +0200] "GET /phpinfo.php HTTP/1.0" 200 14249 "-" "-"

What could this be?

I run a very small webserver on this host (just a few personal docs
actually, not even a 'site'), and as far as I know I haven't signed up for
some kind of security probe lately.

Notice the very uncool double reverse resolve of that ip:
$ host
domain name pointer nth1.net1plus.com.
domain name pointer web.rresults.com.
I don't have any connection to those companies.

I don't know what's the dominant feeling on this right now...
I'm concerned this might be some kind of security scan (not worried about
that machine, but just about a new attack in general).
I'm a little angry because I might be used in online statistics without
my permission, and I fear for my privacy if I've ended up on some "probe
these hosts" list.

Could someone shed some light on this?

 Joris <joris@v5.be>
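
For readers triaging similar entries, the following is an added example and not part of the original post: it scans combined-format Apache log lines for a client that requests several distinct paths within a few seconds while sending no User-Agent, and reports which guessed paths were answered with 200. The client address 192.0.2.10, the second sample line, the thresholds and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the requests from the post, with a documentation-range
# address (192.0.2.10) standing in for the client IP missing from the archive.
SAMPLE = '''\
192.0.2.10 - - [28/Jun/2004:20:11:46 +0200] "GET / HTTP/1.0" 200 6137 "-" "-"
192.0.2.10 - - [28/Jun/2004:20:12:00 +0200] "GET /index.php HTTP/1.0" 404 269 "-" "-"
192.0.2.10 - - [28/Jun/2004:20:12:00 +0200] "GET /main.php HTTP/1.0" 404 268 "-" "-"
192.0.2.10 - - [28/Jun/2004:20:12:00 +0200] "GET /test.php HTTP/1.0" 404 268 "-" "-"
192.0.2.10 - - [28/Jun/2004:20:12:01 +0200] "GET /index.php3 HTTP/1.0" 404 270 "-" "-"
192.0.2.10 - - [28/Jun/2004:20:12:01 +0200] "GET /phpinfo.php HTTP/1.0" 200 14249 "-" "-"
198.51.100.7 - - [28/Jun/2004:20:15:02 +0200] "GET /docs/cv.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"')

def parse(text):
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ip, ts, method, path, status, referer, agent = m.groups()
            yield {"ip": ip, "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
                   "path": path, "status": int(status), "agent": agent}

def find_probes(text, window=timedelta(seconds=10), min_paths=4):
    """Flag clients that request >= min_paths distinct paths within `window`
    while sending no User-Agent; report which guesses were answered with 200."""
    by_ip = defaultdict(list)
    for e in parse(text):
        if e["agent"] in ("-", ""):
            by_ip[e["ip"]].append(e)
    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["time"])
        for i, first in enumerate(events):
            burst = [e for e in events[i:] if e["time"] - first["time"] <= window]
            if len({e["path"] for e in burst}) >= min_paths:
                findings[ip] = {"paths": len({e["path"] for e in burst}),
                                "misses": sum(e["status"] == 404 for e in burst),
                                "exposed": sorted(e["path"] for e in burst if e["status"] == 200)}
                break
    return findings

if __name__ == "__main__":
    for ip, f in find_probes(SAMPLE).items():
        print(ip, f)
```

Any path listed under "exposed" is a file the burst actually found on the server, so it is the first thing to review or remove.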
