On Mon, Feb 20, 2006 at 09:41:42PM -0600, Jacob S wrote......
221.226.124.109 - - [20/Feb/2006:16:17:10 -0500] "GET
http://1-shops.com/prx.php?p=q1w2e3r4t5y6u7i8o9p0*a-b HTTP/1.1"
404 288 "http://www.google.com/intl/en-us/" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.0; Crazy Browser 1.0.5)"
So what is this? They are not requesting pages that exist on my
server, but pages on other domains. My server gives the proper
error code back - 404.
They're looking for open proxies. People that are lazy in
loading/configuring mod_proxy in apache can easily turn a
webserver into an open proxy. So they scan for one, similar to the
way we've all seen attempts at finding open smtp gateways or
easily crackable ssh passwords.
So aside from setting up some iptables 'drop' rules, is there any
other way from keeping this from occuring? It's messing up my web
stats since these guys are requesting more non-existent pages that I
have real pages on the website.