Re: apache config question - China IP's
On Tue, Feb 21, 2006 at 01:13:42PM -0600, Jacob S wrote......
> > >
> > >>> 221.226.124.109 - - [20/Feb/2006:16:17:10 -0500] "GET
> > >>> http://1-shops.com/prx.php?p=q1w2e3r4t5y6u7i8o9p0*a-b HTTP/1.1"
> > >>> 404 288 "http://www.google.com/intl/en-us/"; "Mozilla/4.0
> > >>> (compatible; MSIE 6.0; Windows NT 5.0; Crazy Browser 1.0.5)"
> > >>>
> > >>> So what is this? They are not requesting pages that exist on my
> > >>> server, but pages on other domains. My server gives the proper
> > >>> error code back - 404.
> > >>>
> > >> They're looking for open proxies. People that are lazy in
> > >> loading/configuring mod_proxy in apache can easily turn a
> > >> webserver into an open proxy. So they scan for one, similar to the
> > >> way we've all seen attempts at finding open smtp gateways or
> > >> easily crackable ssh passwords.
So what does the following mean?
85.145.108.215 - - [24/Feb/2006:19:11:28 -0500] "HEAD
http://www.sun.com/ HTTP/1.0" 200 0 "-" "Mozilla/4.0 (compatible;
ICS)"
Since it has a 200 HTTP code, it would seem to me that the IP
85.145.108.215 successfully reached http://www.sun.com/ via this
server. Am I missing something? Note also that this has a HEAD
method instead of GET. How is that different?
Please also note that I'm seeing multiple, repeated entries in
blocks like this:
64.27.4.15 - - [24/Feb/2006:19:09:50 -0500] "CONNECT
200.45.191.163:25 HTTP/1.0" 200 12617 "-" "-"
These repeat multiple times. Are these successful proxy
connections? Or are these different?
Thanks again,
Kevin
--
Reply to: