Re: apache log entry
Not sure If you are who I think you are. By chance did you live in
Virginia and work for Gannon LLc for a short while. If so email me
On 9 Oct 2001, at 11:56, brendan hack wrote:
> Thanks to Bill and James for your responses. It was a proxy attempt. I
> set up my mozilla to use the apache server as a proxy and got the same
> log entries. Luckily though, apache simply returned web pages from the
> local web site instead of proxying them since the ProxyRequests
> directive was not on. I've now removed the proxy modules as well, just
> to be sure (I said I was paranoid).
> William R. Ward wrote:
> > brendan hack writes:
> >>Hi All,
> >> I found a strange entry hidden among all the IIS exploit attempts in my
> >>apache access log today:
> >>220.127.116.11 - - [07/Oct/2001:21:28:44 +1000] "GET
> >>http://18.104.22.168:8283/ HTTP/1.0" 200 756
> >> Does anyone know if this is some sort of attack attempt? It doesn't seem
> >>to make any sense as a log entry as there is no leading '/' on the url
> >>portion and there is no corresponding error log entry saying that the
> >>file 'http://22.214.171.124:8283/' couldn't be found. I also find the
> >>fact that the client IP and the url are the same suspicious. I tried
> >>retrieving the same file myself using mozilla
> >>(http://webserver/http://126.96.36.199:8283/) and it created a similar
> >>access entry but with a '/' at the start of the url and there was an
> >>error log entry generated. There was a peak in traffic from the server
> >>the day after this log entry which instigated the check. Any suggestions
> >>will be appreciated.
> > Someone's trying to use you as a proxy. That's what proxy HTTP
> > requests look like.
> > The "200" code suggests that they succeeded. Add something like this
> > to your httpd.conf to block these. (Delete the "allow" part if you
> > don't want proxying at all; if you do, change the IP addresses to
> > whatever is appropriate for your system.)
> > <Directory proxy:*>
> > order deny,allow
> > deny from all
> > allow from 192.168.0.0/255.255.0.0
> > </Directory>
> > HTH.
> > --Bill.
> Real coders celebrate Christmas at Halloween.
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com
Palais Royal / Yves Delorme
1725 Broadway St.
Charlottesville VA 22902
Phone: 1-800-322-3911 ext:308