Date: Tue, 12 Jun 2007 16:38:37 -0700 From: Chuck Swiger <cswiger@mac.com> To: bob@a1poweruser.com Cc: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@FreeBSD.ORG> Subject: Re: Apache access log shows these attack requests Message-ID: <A3173DAE-BD44-4E1C-87E9-92DE7315A7B7@mac.com> In-Reply-To: <NBECLJEKGLBKHHFFANMBAEIFCDAA.bob@a1poweruser.com> References: <NBECLJEKGLBKHHFFANMBAEIFCDAA.bob@a1poweruser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jun 12, 2007, at 2:58 PM, Bob wrote: > I all ready have Apache mod_proxy commented out in httpd.conf and > there is > no php stuff installed in system. Your logfile lines seemed to be oddly truncated, so it's a bit hard to tell, but it sure seemed like some of the requests you showed were getting 200 success responses. I assume you aren't IPs 89.196.37.169 or 122.124.129.55? The requests for AZ.php or azenv.php are trying to reference scripts used to control and "rate" lists of "anonymous" proxies that tend to run either on hacked systems or systems configured to permit the world to use the proxy (generally because of a lack of admin clue rather than by intent). See: http://web.freerk.com/proxyjudge/azenv.htm ...and: http://forum.my-proxy.com/index.php?topic=48.0 ...which actually lists this "http://pro_xy.t35.com/AZ.php" host... -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A3173DAE-BD44-4E1C-87E9-92DE7315A7B7>