[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: curious apache log entry



well, it was definitely messed up. i replicated the request by just 
telnetting to port 80 on the server and issueing a get for the full 
path...

telnet 10.6.21.10 80

GET http://http://members.shaw.ca/mypunkpage/ / HTTP/1.1

at the very least, i was able to see what they were getting in response. 
their isp ended up being very cooperative in tracking down what was going 
on and putting a stop to it.


On Fri, 8 Feb 2002, Danny Sauer wrote:

> Couldn't they do that with just a messed-up (either intentionally or
> accidentally) host/dns entry?  I'm pretty sure they could...
> 
> --Danny
> 
> On Fri, Feb 01, 2002 at 11:41:16AM -0600, charles@lunarmedia.net wrote:
> > 24.64.50.122 www.domain.com - [31/Jan/2002:20:34:18 -0600] "GET                                                            
> > http://members.shaw.ca/mypunkpage/images/whatwouldtop.jpg H                                                                         
> > TTP/1.1" 302 227 "http://members.shaw.ca/mypunkpage/content.htm"                                                                    
> > "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)" 
> > 
> > i'm getting this entry in my log files that seems really peculiar. the get 
> > request is for an offnet website with a referral coming from said website. 
> > i'm not exactly certain _how_ its being done here, but it certainly seems 
> > malicious. at very least filling my logs.
> > 
> > can someone explain why this request is being processed by apache? the 
> > status 302 make me believe that this is being passed.
> 
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
> 


-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.