Hello.

I am running an Apache 2.4 server on Debian 8.

Recently, I have noticed that my access log file contains entries like:



198.55.103.73 - - [24/Jul/2017:15:29:45 +0100] "GET http://px.wangying06.com/?bdc HTTP/1.0" 302 - "http://px.wangying06.com/?bdc"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
104.223.185.6 - - [24/Jul/2017:15:29:49 +0100] "GET http://xtt111.com/ HTTP/1.0" 302 - "http://xtt111.com/"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
185.15.244.63 - - [24/Jul/2017:15:29:53 +0100] "GET http://video-edge-c2b188.fra02.hls.ttvnw.net/v0/CuMB6xEBCMkhVCGZ7cZqusjVePCtyTK7dX_RVlVaaXrBmlucADyu76w_8Q4HXy9LUMU8DRIHRDAWsT9A89ewCTV9vEx_f-JS9EKj7IxuvDHJVzA8l6M76rpMCpazRc2MAljDmyeIfjcSDXxH5xtbnO8JleLEitzzxxUbC1_orbaV-fjW_qz0GrUX-jpYNBmZanXlnbKzbR7Z1Ryns8sYK0XFOH4zBWKXMJ1tTNTx36QiHG1o_5p3aNtFPcBVyniMYqfcvxS3FCT5YlPbQIL8AVzrO0Zdb2poieNCoQCtY2RvihNPTP4SEPRbc5ZYChuDVbXCKqx7AK0aDHwVdGoDF17Bx2rPjw/index-live.m3u8 HTTP/1.1" 302 - "-" "-"
142.252.249.8 - - [24/Jul/2017:15:29:53 +0100] "GET http://px.wangying06.com/?bdc HTTP/1.0" 302 - "http://px.wangying06.com/?bdc" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
133.130.116.200 - - [24/Jul/2017:15:29:55 +0100] "GET http://m.albamon.com/list/gi/mon_gib_read.asp?al_gi_no=49479748&optgf=mdlfocus HTTP/1.1" 302 - "" "Mozilla/5.0 (Linux; Android 5.1.1; SM-G928X Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.83 Mobile Safari/537.36"



Note that none of the domains in the log is hosted on my server.
But it seems as if xtt111.com was hosted on my server.
I thought that my mod_proxy and mod_proxy_http were being abused.
So, I have removed these and restarted the server.
But I can still see random domains in my log file.

It is as if I was under attack as there is an entry every ms or so.

Any hint will be very welcome.

Thank you very much.

Arcadius.

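One way to triage entries like the ones quoted above, as an added example that is not part of the original post: it picks out proxy-style requests (an absolute URI or CONNECT naming a host this server does not host), counts them per client, and lists the ones answered with a 2xx status, which are the ones to inspect for relayed content. It assumes Apache's combined log format; `LOCAL_HOSTS` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format: client ident user [time] "request line" status bytes ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses and example domains).
SAMPLE = [
    '192.0.2.10 - - [24/Jul/2017:15:29:45 +0100] "GET http://probe.example.net/?x HTTP/1.0" 302 - "-" "-"',
    '192.0.2.10 - - [24/Jul/2017:15:29:46 +0100] "GET http://other.example.org/ HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [24/Jul/2017:15:29:47 +0100] "CONNECT mail.example.net:25 HTTP/1.1" 405 312 "-" "-"',
    '203.0.113.5 - - [24/Jul/2017:15:29:48 +0100] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [24/Jul/2017:15:29:49 +0100] "GET http://www.mysite.example/a HTTP/1.1" 200 88 "-" "-"',
]
LOCAL_HOSTS = {"www.mysite.example"}  # assumption: names this server really hosts

def classify(line, local_hosts):
    """Return (client, foreign_host, status) for a proxy-style request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    if m.group("method") == "CONNECT":
        host = target.rsplit(":", 1)[0]          # authority-form: host:port
    elif "://" in target:
        try:
            host = urlsplit(target).hostname or ""   # absolute-form URI
        except ValueError:                       # malformed bracketed host
            host = target
    else:
        return None                              # origin-form: ordinary request
    if host.lower() in local_hosts:
        return None
    return m.group("client"), host.lower(), int(m.group("status"))

def summarize(lines, local_hosts):
    """Count foreign-host requests per client; collect those answered with 2xx."""
    per_client, answered_2xx = Counter(), []
    for line in lines:
        hit = classify(line, local_hosts)
        if hit:
            per_client[hit[0]] += 1
            if 200 <= hit[2] < 300:
                answered_2xx.append(hit)
    return per_client, answered_2xx
```

A 2xx entry in the second result is not proof of relaying on its own: comparing the logged response size with the default virtual host's own page shows whether the server merely answered with local content.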