Strange Apache access_log file

Everything about the security of the system and its applications
termi11
Posts: 34
Joined: 2004-05-10 10:07
Location: Luxemburg

Strange Apache access_log file

Post by termi11 » 2005-10-13 14:23

Hello,

I just noticed that the following appears in an Apache access_log file.
Unfortunately there are many such requests in the log, and the domain names don't mean anything to me. What could the problem be here?

Many thanks!!!

Code:

219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free-nokia-ringtones.move.to/"
219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free--ringtones.move.to/" "Wge
219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free-nextel-ringtones.move.to/
219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://cingular--ringtones.move.to/"
219.93.174.105 - - [13/Oct/2005:13:44:17 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://verizon--ringtones.move.to/" "
85.100.188.238 - - [13/Oct/2005:13:44:56 +0200] "GET / HTTP/1.1" 200 10134 "http://buy-phentermine.switch.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows N
68.142.251.149 - - [13/Oct/2005:13:45:23 +0200] "GET /robots.txt HTTP/1.0" 200 286 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us
68.142.251.104 - - [13/Oct/2005:13:45:32 +0200] "GET /testsite362/index.php?393 HTTP/1.0" 200 3768 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.y
68.142.251.104 - - [13/Oct/2005:13:45:47 +0200] "GET /testsite362/index.php?id=393&type=2 HTTP/1.0" 200 7107 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; htt
68.142.251.104 - - [13/Oct/2005:13:45:53 +0200] "GET /testsite362/index.php?id=393&type=1 HTTP/1.0" 200 8574 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; htt
85.100.188.238 - - [13/Oct/2005:13:47:15 +0200] "GET / HTTP/1.1" 200 10134 "http://online-xanax.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
194.249.84.167 - - [13/Oct/2005:13:49:43 +0200] "GET / HTTP/1.1" 200 10134 "http://buy-alprazolam.drop.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5
85.104.185.144 - - [13/Oct/2005:13:50:40 +0200] "GET / HTTP/1.1" 200 10134 "http://hydrocodone.mysite.de/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.
85.101.24.84 - - [13/Oct/2005:13:52:18 +0200] "GET / HTTP/1.1" 200 10134 "http://phentermine-.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; S
65.36.241.79 - - [13/Oct/2005:13:54:15 +0200] "HEAD / HTTP/1.1" 200 - "-" "InternetSeer.com"
85.100.188.238 - - [13/Oct/2005:13:54:39 +0200] "GET / HTTP/1.1" 200 10134 "http://online-cialis.go.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
85.101.24.84 - - [13/Oct/2005:13:55:00 +0200] "GET / HTTP/1.1" 200 10134 "http://buy-cialis.hey.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1
195.225.246.147 - - [13/Oct/2005:13:57:39 +0200] "GET / HTTP/1.1" 200 10134 "http://sesso.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
85.101.24.84 - - [13/Oct/2005:13:58:54 +0200] "GET / HTTP/1.1" 200 10135 "http://hydrocodone.mysite.de/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
85.100.188.238 - - [13/Oct/2005:14:00:36 +0200] "GET / HTTP/1.1" 200 10135 "http://online-xanax.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
207.46.98.67 - - [13/Oct/2005:14:00:56 +0200] "GET /index.php?option=com_wrapper&Itemid=52 HTTP/1.0" 200 7375 "-" "msnbot/1.0 (+http://search.msn.com/msnbot
207.46.98.67 - - [13/Oct/2005:14:01:00 +0200] "GET /index.php?option=com_wrapper&Itemid=54 HTTP/1.0" 200 7234 "-" "msnbot/1.0 (+http://search.msn.com/msnbot
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free-nextel-ringtones.move.to/
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://penis-enlargement.move.to/" "W
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://cingular--ringtones.move.to/"
219.93.174.110 - - [13/Oct/2005:14:04:44 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://bedroom-furniture.move.to/" "W
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://buy-vicodin-order.move.to/" "W
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://buy-viagra-online-cheap.move.t
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free-nokia-ringtones.move.to/"
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free--ringtones.move.to/" "Wge
219.93.174.110 - - [13/Oct/2005:14:04:44 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://verizon--ringtones.move.to/" "
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://download-free-ringtones.move.t
216.145.54.158 - - [13/Oct/2005:14:06:57 +0200] "GET / HTTP/1.1" 200 10135 "http://buy-viagra.hey.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; S
85.102.113.210 - - [13/Oct/2005:14:08:05 +0200] "GET / HTTP/1.1" 200 10135 "http://alprazolam.go.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV
85.100.188.238 - - [13/Oct/2005:14:12:28 +0200] "GET / HTTP/1.1" 200 10134 "http://online-xanax.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
195.225.246.147 - - [13/Oct/2005:14:15:16 +0200] "GET / HTTP/1.1" 200 10134 "http://online-fioricet.drop.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT


Roger Wilco
Administrator
Posts: 5924
Joined: 2004-05-23 12:53

Re: Strange Apache access_log file

Post by Roger Wilco » 2005-10-13 16:43

Termi11 wrote: Unfortunately there are many such requests in the log, and the domain names don't mean anything to me. What could the problem be here?
What bothers you about it? Someone is simply sending an invalid Host header, and your Apache then simply serves the index page of the first VirtualHost (hence status 200).

termi11
Posts: 34
Joined: 2004-05-10 10:07
Location: Luxemburg

Re: Strange Apache access_log file

Post by termi11 » 2005-10-13 16:54

Because the site being accessed here is a rather insignificant website.
The massive number of hits puzzles me somehow....

eru der eine
Posts: 25
Joined: 2005-10-24 11:41

Re: Strange Apache access_log file

Post by eru der eine » 2005-10-24 12:01

In my opinion (caution, I'm no professional), someone tried to abuse your server as a proxy.

Eru Der Eine

termi11
Posts: 34
Joined: 2004-05-10 10:07
Location: Luxemburg

Re: Strange Apache access_log file

Post by termi11 » 2005-10-24 12:57

Hmmm, but how could that be possible? The proxy module in apache2 is not enabled, and neither is squid (it is an Apache log file, after all)....!?

Roger Wilco
Administrator
Posts: 5924
Joined: 2004-05-23 12:53

Re: Strange Apache access_log file

Post by Roger Wilco » 2005-10-24 19:16

Eru Der Eine wrote: In my opinion (caution, I'm no professional), someone tried to abuse your server as a proxy.
In my opinion: no. If an open proxy were being exploited, the data would not be fetched via GET. CONNECT etc. would be used instead.
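
Added example (not part of any post in this thread): in Apache's combined log format the quoted field after the response size is the Referer request header. This Python sketch groups the posted lines by client and requested path, lists clients that send many different Referer hosts, and separately collects requests that look like proxy use (CONNECT or an absolute-URI target); `summarize`, `min_distinct` and the 192.0.2.10 line are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format up to the Referer field. The User-Agent is ignored
# because the lines in the post are cut off inside it (or inside the Referer).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)'
)

# Lines copied from the first post, still truncated as posted,
# plus one constructed CONNECT line (192.0.2.10) for comparison.
SAMPLE = '''\
219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free-nokia-ringtones.move.to/"
219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free--ringtones.move.to/" "Wge
219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free-nextel-ringtones.move.to/
219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://cingular--ringtones.move.to/"
85.100.188.238 - - [13/Oct/2005:13:44:56 +0200] "GET / HTTP/1.1" 200 10134 "http://buy-phentermine.switch.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows N
68.142.251.149 - - [13/Oct/2005:13:45:23 +0200] "GET /robots.txt HTTP/1.0" 200 286 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us
85.100.188.238 - - [13/Oct/2005:13:47:15 +0200] "GET / HTTP/1.1" 200 10134 "http://online-xanax.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
192.0.2.10 - - [13/Oct/2005:14:20:00 +0200] "CONNECT mail.example.net:25 HTTP/1.0" 405 - "-" "-"
'''

def summarize(log_text, min_distinct=3):
    """Return (clients sending many distinct Referer hosts, proxy-style requests)."""
    referers = defaultdict(set)   # (client ip, path) -> Referer hosts sent
    proxy_like = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        target = m["target"]
        # A forward-proxy request uses CONNECT or an absolute URI as its target.
        if m["method"] == "CONNECT" or "://" in target:
            proxy_like.append((m["ip"], m["method"], target))
        host = urlsplit(m["referer"]).hostname   # None for "-" or empty
        if host:
            referers[(m["ip"], target.split("?")[0])].add(host)
    flagged = {k: sorted(v) for k, v in referers.items() if len(v) >= min_distinct}
    return flagged, proxy_like

if __name__ == "__main__":
    flagged, proxy_like = summarize(SAMPLE)
    print("many distinct Referer hosts:", flagged)
    print("proxy-style requests:", proxy_like)
```
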