apache log entry

To: debian-security@lists.debian.org
Subject: apache log entry
From: brendan hack <bendy@bendys.com>
Date: Tue, 09 Oct 2001 10:08:11 +1000
Message-id: <3BC23FEB.6060409@bendys.com>

Hi All,

I found a strange entry hidden among all the IIS exploit attempts in myapache access log today:

61.177.66.228 - - [07/Oct/2001:21:28:44 +1000] "GEThttp://61.177.66.228:8283/ HTTP/1.0" 200 756

Does anyone know if this is some sort of attack attempt? It doesn't seemto make any sense as a log entry as there is no leading '/' on the urlportion and there is no corresponding error log entry saying that thefile 'http://61.177.66.228:8283/' couldn't be found. I also find thefact that the client IP and the url are the same suspicious. I triedretrieving the same file myself using mozilla(http://webserver/http://61.177.66.228:8283/) and it created a similaraccess entry but with a '/' at the start of the url and there was anerror log entry generated. There was a peak in traffic from the serverthe day after this log entry which instigated the check. Any suggestionswill be appreciated.


just being paranoid

brendan

--
http://www.bendys.com
bendy@bendys.com

Real coders celebrate Christmas at Halloween.

Reply to:

Follow-Ups:
- Re: apache log entry
  - From: bill@wards.net (William R. Ward)
- Re: apache log entry
  - From: James Morgan <ventatsu@deadlode.com>

Prev by Date: re:IPTABLES SOS
Next by Date: Re: apache log entry
Previous by thread: re:IPTABLES SOS
Next by thread: Re: apache log entry
Index(es):
- Date
- Thread