Mailinglist Archive: opensuse-security (359 mails)

RE: [suse-security] Apache access_log Questions
  • From: "Dwight Victor" <dvictor@xxxxxxxxxxxxx>
  • Date: Sun, 27 Jul 2003 01:53:38 -1000
  • Message-id: <000301c35435$b85872b0$1a00a8c0@xxxxxxxxxxxx>

Hello list,

I believe I've found the answer (actually, from a previous post to this
list...should have done my search first...oh well):

[ start ]

From: rich_b_nz@xxxxxxxxxxxx [mailto:rich_b_nz@xxxxxxxxxxxx]
Sent: Sunday, February 09, 2003 1:16 AM
To: suse-security@xxxxxxxx
Subject: Re: [suse-security] apache log "GET http://irc.stealth.net:5558"


Someone is seeing if your apache will proxy for them. If you are using
virtual hosting, and have a default virtual host set, it likely returned that.

>Hello, in my apache log I find
>
>**.**.***.*** - - [08/Feb/2003:21:23:46 +0100] "GET http://irc.stealth.net:5558/ HTTP/1.1" 200 362
>
>What is happening here? I don't host an irc server. How can apache return
>a page that does not exist but is a website or irc server (as judged by
>the 200 response)? Is this an error in my setup? Thanks, Ruud

[ end ]

Thanks,

Dwight...
dvictor@xxxxxxxxxxxxx


-----Original Message-----
From: Dwight Victor [mailto:dvictor@xxxxxxxxxxxxx]
Sent: Sunday, July 27, 2003 1:33 AM
To: suse-security@xxxxxxxx
Subject: [suse-security] Apache access_log Questions



Hello list,

Today I've received this log entry in my /var/log/httpd/access_log file:

218.2.192.91 - - [27/Jul/2003:01:09:15 -1000] "GET http://www.baidu.com/ HTTP/1.1" 200 18960

I do not have a corresponding error message in my /var/log/httpd/error.log
(Apache server response 200, which means that this request was "ok").

The originating IP address appears to be forged. I'm not sure what kind of
site www.baidu.com is cause it's all in Chinese.

Question # 1: Is my Apache server being misused?

Question # 2: Should I be concerned?

Question # 3: How did they format this request?

Question # 4: What can I do to prevent this from occurring again?

Thanks in advance,

Dwight...
dvictor@xxxxxxxxxxxxx


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
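
A log check for the proxy probe discussed in this thread, as an added example that is not part of the original messages: it flags access_log entries whose request target names a foreign host and separates 200 responses that match the size of the local default page from ones that need review. The `local_hosts` and `local_sizes` parameters, the 192.0.2.x entries and the assumption that 362 bytes is the default page size are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Common Log Format: host ident user [time] "METHOD target proto" status bytes
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
                 r'(?P<status>\d{3}) (?P<size>\d+|-)')

def find_proxy_probes(lines, local_hosts=(), local_sizes=()):
    """Flag requests whose target names a host this server does not serve."""
    local_hosts = {h.lower() for h in local_hosts}
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        method, target = m["method"], m["target"]
        if method == "CONNECT":                  # authority-form: host:port
            host = target.rsplit(":", 1)[0]
        elif "://" in target:                    # absolute-form: full URL
            try:
                host = urlsplit(target).hostname or ""
            except ValueError:                   # malformed URL, still a probe
                host = ""
        else:
            continue                             # origin-form "/path": normal
        if host.lower() in local_hosts:
            continue                             # our own name: legitimate
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        if status == 200 and size in local_sizes:
            verdict = "local-page"               # same size as our default page
        elif status == 200:
            verdict = "review"                   # check the proxy configuration
        else:
            verdict = "refused"
        findings.append((m["host"], target, status, size, verdict))
    return findings

# First entry is the one quoted in the thread; the others are constructed.
SAMPLE = [
    '218.2.192.91 - - [27/Jul/2003:01:09:15 -1000] "GET http://www.baidu.com/ HTTP/1.1" 200 18960',
    '192.0.2.10 - - [08/Feb/2003:21:23:46 +0100] "GET http://irc.stealth.net:5558/ HTTP/1.1" 200 362',
    '192.0.2.11 - - [08/Feb/2003:21:24:02 +0100] "GET /index.html HTTP/1.1" 200 362',
    '192.0.2.12 - - [08/Feb/2003:21:25:10 +0100] "CONNECT example.net:443 HTTP/1.0" 405 -',
    '192.0.2.13 - - [08/Feb/2003:21:26:31 +0100] "GET http://www.example.org/ HTTP/1.1" 200 362',
]
```

Call it as `find_proxy_probes(SAMPLE, local_hosts={"www.example.org"}, local_sizes={362})`; a "review" verdict means the 200 response did not match a known local page size, so the proxy settings should be checked.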

