Tim <ignored_mail...@yahoo.com.au> writes: > Allegedly, on or about 05 March 2014, lee sent: >> Could someone please explain why/how this may be considered as an >> attack or at least as something bad? > > Have a look at the log line that the original poster sent: > > 185.4.227.194 - - [03/Mar/2014:07:27:49 -0800] "GET > http://24x7-allrequestsallowed.com/?PHPSESSID=1rmsxtj500143TRMUTP_ODZZWA > HTTP/1.1" 200 5264 "-" "-" > > look above here, where the carats are at the end of these hyphens > ---------------------------------------------------------------------^^^ > > That "200" means a successful result, rather than a failure. In other > words, what they tried to do, they did.
Yes --- I was wondering if perhaps some sort of error page might have been served. >> Someone requesting an URL from a web server that doesn´t serve this >> URL --- or doesn´t serve the specified domain at all --- could be >> caused by incorrect responses from name servers, couldn´t it? > > Not, like that. Say, for example, I try to get this page from a > website: www.example.com/pages/test.html The browser will connect to > example.com (presuming that DNS is working), and then it will try to > GET /pages/test.html. The domain name will not be in the GET request. > > e.g. That log line would have looked like: > > 185.4.227.194 - - [03/Mar/2014:07:27:49 -0800] "GET > /?PHPSESSID=1rmsxtj500143TRMUTP_ODZZWA HTTP/1.1" 200 5264 "-" "-" > > As a more normal use of a webserver. I see what you mean, then entries in my log file look like that. As Tom Rivers pointed out in his posts, his tests have shown that someone might have used the web server as a proxy. Now there is probably no way to determine whether what caused this log entry was actually an attack or not, or is there? -- Fedora release 20 (Heisenbug) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
