Brendan, Not sure If you are who I think you are. By chance did you live in Virginia and work for Gannon LLc for a short while. If so email me back. Later, Curtis
On 9 Oct 2001, at 11:56, brendan hack wrote: > Thanks to Bill and James for your responses. It was a proxy attempt. I > set up my mozilla to use the apache server as a proxy and got the same > log entries. Luckily though, apache simply returned web pages from the > local web site instead of proxying them since the ProxyRequests > directive was not on. I've now removed the proxy modules as well, just > to be sure (I said I was paranoid). > > thanks, > > brendan > > > William R. Ward wrote: > > > brendan hack writes: > > > >>Hi All, > >> > >> I found a strange entry hidden among all the IIS exploit attempts in my > >>apache access log today: > >> > >>61.177.66.228 - - [07/Oct/2001:21:28:44 +1000] "GET > >>http://61.177.66.228:8283/ HTTP/1.0" 200 756 > >> > >> Does anyone know if this is some sort of attack attempt? It doesn't seem > >>to make any sense as a log entry as there is no leading '/' on the url > >>portion and there is no corresponding error log entry saying that the > >>file 'http://61.177.66.228:8283/' couldn't be found. I also find the > >>fact that the client IP and the url are the same suspicious. I tried > >>retrieving the same file myself using mozilla > >>(http://webserver/http://61.177.66.228:8283/) and it created a similar > >>access entry but with a '/' at the start of the url and there was an > >>error log entry generated. There was a peak in traffic from the server > >>the day after this log entry which instigated the check. Any suggestions > >>will be appreciated. > >> > > > > Someone's trying to use you as a proxy. That's what proxy HTTP > > requests look like. > > > > The "200" code suggests that they succeeded. Add something like this > > to your httpd.conf to block these. (Delete the "allow" part if you > > don't want proxying at all; if you do, change the IP addresses to > > whatever is appropriate for your system.) > > > > <Directory proxy:*> > > order deny,allow > > deny from all > > allow from 192.168.0.0/255.255.0.0 > > </Directory> > > > > HTH. > > > > --Bill. > > > > > > > > > -- > http://www.bendys.com > [EMAIL PROTECTED] > > Real coders celebrate Christmas at Halloween. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > Curtis Brownley Palais Royal / Yves Delorme 1725 Broadway St. Charlottesville VA 22902 Phone: 1-800-322-3911 ext:308 Fax: 1-804-977-8962 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
