Hello list, I believe I've found the answer (actually, from a previous post to this list...should have done my search first...oh well): [ start ] From: rich_b_nz@clear.net.nz [mailto:rich_b_nz@clear.net.nz] Sent: Sunday, February 09, 2003 1:16 AM To: suse-security@suse.com Subject: Re: [suse-security] apache log "GET http://irc.stealth.net:5558" Someone is seeing if your apache will proxy for them. If you are using virtual hosting, and have a default virtual host set, it likely returned that.
Hello, in my apache log I find
**.**.***.*** - - [08/Feb/2003:21:23:46 +0100] "GET http://irc.stealth.net:5558/ HTTP/1.1" 200 362
What is happening here? I don't host an irc server. How can apache return a page that does not exist but is a website or irc server ((as judged by the 200 response)? Is this an error in my setup? Thanks, Ruud
[ end ] Thanks, Dwight... dvictor@hawaii.rr.com -----Original Message----- From: Dwight Victor [mailto:dvictor@hawaii.rr.com] Sent: Sunday, July 27, 2003 1:33 AM To: suse-security@suse.com Subject: [suse-security] Apache access_log Questions Hello list, Today I've received this log entry in my /var/log/httpd/access_log file: 218.2.192.91 - - [27/Jul/2003:01:09:15 -1000] "GET http://www.baidu.com/ HTTP/1.1" 200 18960 I do not have a corresponding error message in my /var/log/httpd/error.log (Apache server response 200, which means that this request was "ok"). The originating IP address appears to be forged. I'm not sure what kind of site www.baidu.com is cause it's all in Chinese. Question # 1: Is my Apache server being misused? Question # 2: Should I be concerned? Question # 3: How did they format this request Question # 4: What can I do to prevent this from occurring again? Thanks in advance, Dwight... dvictor@hawaii.rr.com -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here