|
Security Incidents
mailing list archives
http activity
From: Burak DAYIOGLU <dayioglu () METU EDU TR>
Date: Wed, 21 Mar 2001 10:03:09 +0200
Hello,
Surfing through logs of one web server box, I found out these four
lines, which I couldn't figure out. The first line is not a mistake,
but seems to be a purposeful inspection. I searched through the net
but couldn't be able to find out info on a phpads exploit.
The remaining three lines are awkward. First, the dates... Last two
lines have dates with reverse order (i.e. latter line should have been
logged earlier). The time settings on the box seem to be ok as well as
no signs of any intrusions.
Furthermore, with the last three lines, it looks like someone has had
been in search for an open-proxy what then what the heck is the syntax
error in it? I guess http:/ should have been http://, am I missing
something?
Can someone help me figure out these?
cheers,
Burak DAYIOGLU
X.X.X.X - - [19/Mar/2001:23:17:39 +0200] "GET
/adserver/phpads.php3?what=140x60&n=tr HTTP/1.1" 404 226
X.X.X.X - - [20/Mar/2001:01:52:03 +0200] "GET /"http:/some-domain.com",
HTTP/1.0" 404 217
X.X.X.X - - [20/Mar/2001:03:54:36 +0200] "GET /"http:/some-domain.com",
HTTP/1.0" 404 217
X.X.X.X - - [20/Mar/2001:03:43:14 +0200] "GET /"http:/some-domain.com",
HTTP/1.0" 404 217
 By Date 
By Thread
Current thread:
- http activity Burak DAYIOGLU (Mar 21)
|
Intro
