Thanks to Bill and James for your responses. It was a proxy attempt. I set up my mozilla to use the apache server as a proxy and got the same log entries. Luckily though, apache simply returned web pages from the local web site instead of proxying them since the ProxyRequests directive was not on. I've now removed the proxy modules as well, just to be sure (I said I was paranoid).
thanks, brendan William R. Ward wrote: > brendan hack writes: > >>Hi All, >> >> I found a strange entry hidden among all the IIS exploit attempts in my >>apache access log today: >> >>61.177.66.228 - - [07/Oct/2001:21:28:44 +1000] "GET >>http://61.177.66.228:8283/ HTTP/1.0" 200 756 >> >> Does anyone know if this is some sort of attack attempt? It doesn't seem >>to make any sense as a log entry as there is no leading '/' on the url >>portion and there is no corresponding error log entry saying that the >>file 'http://61.177.66.228:8283/' couldn't be found. I also find the >>fact that the client IP and the url are the same suspicious. I tried >>retrieving the same file myself using mozilla >>(http://webserver/http://61.177.66.228:8283/) and it created a similar >>access entry but with a '/' at the start of the url and there was an >>error log entry generated. There was a peak in traffic from the server >>the day after this log entry which instigated the check. Any suggestions >>will be appreciated. >> > > Someone's trying to use you as a proxy. That's what proxy HTTP > requests look like. > > The "200" code suggests that they succeeded. Add something like this > to your httpd.conf to block these. (Delete the "allow" part if you > don't want proxying at all; if you do, change the IP addresses to > whatever is appropriate for your system.) > > <Directory proxy:*> > order deny,allow > deny from all > allow from 192.168.0.0/255.255.0.0 > </Directory> > > HTH. > > --Bill. > > > -- http://www.bendys.com [EMAIL PROTECTED] Real coders celebrate Christmas at Halloween. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
