From owner-freebsd-questions  Sun Apr 25  0:47: 6 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from cygnus.rush.net (cygnus.rush.net [209.45.245.133])
	by hub.freebsd.org (Postfix) with ESMTP id 6C57014FE4
	for <questions@FreeBSD.ORG>; Sun, 25 Apr 1999 00:47:04 -0700 (PDT)
	(envelope-from bright@rush.net)
Received: from localhost (bright@localhost)
	by cygnus.rush.net (8.9.3/8.9.3) with SMTP id DAA11844;
	Sun, 25 Apr 1999 03:04:27 -0500 (EST)
Date: Sun, 25 Apr 1999 03:04:22 -0500 (EST)
From: Alfred Perlstein <bright@rush.net>
To: george vagner <kf7nn1@cybertrails.com>
Cc: questions@FreeBSD.ORG
Subject: Re: root server log entries
In-Reply-To: <000201be8ee2$68d69900$0300a8c0@ginger.kf7nn.com>
Message-ID: <Pine.BSF.3.96.990425030213.2095W-100000@cygnus.rush.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 24 Apr 1999, george vagner wrote:

> I have a 2.2.8-stable machine that hosts
> a few virtual domains and there is no
> real root domain, what i mean is that
> all of the domains are under virtual host
> headers.
> 
> I am getting this in my root domain log
> under /var/log/httpd-access.log
> 
> can you explain whats happening here? as you see
> this is the only thing that is hitting the
> root server.
> 
> 
> Feb  9 20:00:00 www newsyslog[3047]: logfile turned over
> 202.101.175.243 - - [26/Mar/1999:06:43:07 -0700] "GET http://www.s3.com
> HTTP/1.1" 200 542 "-" "ProxyHunter"
> 202.98.23.40 - - [09/Apr/1999:05:13:49 -0700] "GET http://www.s3.com
> HTTP/1.1" 200 542 "-" "ProxyHunter"
> 202.98.23.114 - - [09/Apr/1999:07:19:06 -0700] "GET http://www.s3.com
> HTTP/1.1" 200 542 "-" "ProxyHunter"
> el02-24-131-161-84.ce.mediaone.net - - [22/Apr/1999:15:23:16 -0700] "GET
> http://www.s3.com HTTP/1.1" 200 542 "-" "ProxyHunter"
> modemcable117.202-231.mque.videotron.net - - [24/Apr/1999:15:49:01 -0700]
> "GET http://www.s3.com HTTP/1.1" 200 542 "-" "ProxyHunter"

Some bozo is checking to see if your web server will relay web pages.

Basically, they connect to your web server and ask for a page offsite, 
if it returns it, they know you are a proxy, or at least a 
misconfigured proxy.

didn't "ProxyHunter" tip you off?

-Alfred



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message