weird http probes

["Joris" <joris@v5.be>]

Hi,


I noticed the following just now in my apache logs:

208.200.158.49 - - [28/Jun/2004:20:11:46 +0200] "GET / HTTP/1.0" 200 6137
"-" "-"
208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] "GET /index.php HTTP/1.0"
404 269 "-" "-"
208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] "GET /main.php HTTP/1.0"
404 268 "-" "-"
208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] "GET /test.php HTTP/1.0"
404 268 "-" "-"
208.200.158.49 - - [28/Jun/2004:20:12:01 +0200] "GET /index.php3 HTTP/1.0"
404 270 "-" "-"
208.200.158.49 - - [28/Jun/2004:20:12:01 +0200] "GET /phpinfo.php
HTTP/1.0" 200 14249 "-" "-"


What could this be?

I run a very small webserver on this host (just a few personal docs
actually, not even a 'site'), and as far as I know I haven't signed up for
some kind of security probe lately.

Notice the very uncool double reverse resolve of that ip:
$ host 208.200.158.49
49.158.200.208.in-addr.arpa domain name pointer nth1.net1plus.com.
49.158.200.208.in-addr.arpa domain name pointer web.rresults.com.
I don't have any connection to those companies.

I don't know what's the dominant feeling on this right now...
I'm concerned this meight be some kind of security scan (not worried about
that machine, but just about a new attack in general).
I'm a little angry because I meight be used into online statistics without
my permission, and I fear for my privacy if I've ended up on some "probe
these hosts" list.


Could someone shed some light on this?

-- 
Greetings,
 Joris <joris@v5.be>