Ok, I don't often NOT understand what I'm seeing in my Apache logs, but this is one of those times: (IPs removed to protect the innocent).
<SOME IP> - - [20/Aug/2002:02:32:01 -0400] "GET /_blnk.gif HTTP/1.1" 200 56 "<MY SITE>" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT)::ELNSB50::000041100400030002a00206000000000506000900000000" What the heck is all of that at the end? Is that a Pentium III ID string or something? Also, am I correct in assuming that this (and the address isn't changed because I think he's NOT innocent) adsl212-115.advancedsl.com.ar - - [15/Aug/2002:19:54:58 -0400] "GET http://cpcug.org/scripts/env.cgi HTTP/1.0" 404 275 "-" "Mozilla/3.0 (compatible)" was an attempt to use my proxy to redirect an attack at CPCUG.org? If so, since this is in the ACCESS log and this [Thu Aug 15 19:54:58 2002] [error] [client 200.51.212.115] File does not exist: /var/www/html/scripts/env.cgi was in my error log, am I safe in assuming he did NOT succeed? Or should I look more closely at this? Bill Ward -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
