apache log entry
Hi All,
I found a strange entry hidden among all the IIS exploit attempts in my
apache access log today:
61.177.66.228 - - [07/Oct/2001:21:28:44 +1000] "GET
http://61.177.66.228:8283/ HTTP/1.0" 200 756
Does anyone know if this is some sort of attack attempt? It doesn't seem
to make any sense as a log entry as there is no leading '/' on the url
portion and there is no corresponding error log entry saying that the
file 'http://61.177.66.228:8283/' couldn't be found. I also find the
fact that the client IP and the url are the same suspicious. I tried
retrieving the same file myself using mozilla
(http://webserver/http://61.177.66.228:8283/) and it created a similar
access entry but with a '/' at the start of the url and there was an
error log entry generated. There was a peak in traffic from the server
the day after this log entry which instigated the check. Any suggestions
will be appreciated.
just being paranoid
brendan
--
http://www.bendys.com
bendy@bendys.com
Real coders celebrate Christmas at Halloween.
Reply to: