Hi,
I noticed the following just now in my apache logs: 208.200.158.49 - - [28/Jun/2004:20:11:46 +0200] "GET / HTTP/1.0" 200 6137 "-" "-" 208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] "GET /index.php HTTP/1.0" 404 269 "-" "-" 208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] "GET /main.php HTTP/1.0" 404 268 "-" "-" 208.200.158.49 - - [28/Jun/2004:20:12:00 +0200] "GET /test.php HTTP/1.0" 404 268 "-" "-" 208.200.158.49 - - [28/Jun/2004:20:12:01 +0200] "GET /index.php3 HTTP/1.0" 404 270 "-" "-" 208.200.158.49 - - [28/Jun/2004:20:12:01 +0200] "GET /phpinfo.php HTTP/1.0" 200 14249 "-" "-" What could this be? I run a very small webserver on this host (just a few personal docs actually, not even a 'site'), and as far as I know I haven't signed up for some kind of security probe lately. Notice the very uncool double reverse resolve of that ip: $ host 208.200.158.49 49.158.200.208.in-addr.arpa domain name pointer nth1.net1plus.com. 49.158.200.208.in-addr.arpa domain name pointer web.rresults.com. I don't have any connection to those companies. I don't know what's the dominant feeling on this right now... I'm concerned this meight be some kind of security scan (not worried about that machine, but just about a new attack in general). I'm a little angry because I meight be used into online statistics without my permission, and I fear for my privacy if I've ended up on some "probe these hosts" list. Could someone shed some light on this? -- Greetings, Joris <[EMAIL PROTECTED]>