Strange Apache access_log file

Posted: 2005-10-13 14:23
by termi11
Hello,

I just noticed that the following appears in an Apache access_log file.
Unfortunately there are many such requests in the log, and the domain names mean nothing to me either. What could the problem be here?

Many thanks!!!

Code:

219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free-nokia-ringtones.move.to/"
219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free--ringtones.move.to/" "Wge
219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free-nextel-ringtones.move.to/
219.93.174.105 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://cingular--ringtones.move.to/"
219.93.174.105 - - [13/Oct/2005:13:44:17 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://verizon--ringtones.move.to/" "
85.100.188.238 - - [13/Oct/2005:13:44:56 +0200] "GET / HTTP/1.1" 200 10134 "http://buy-phentermine.switch.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows N
68.142.251.149 - - [13/Oct/2005:13:45:23 +0200] "GET /robots.txt HTTP/1.0" 200 286 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us
68.142.251.104 - - [13/Oct/2005:13:45:32 +0200] "GET /testsite362/index.php?393 HTTP/1.0" 200 3768 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.y
68.142.251.104 - - [13/Oct/2005:13:45:47 +0200] "GET /testsite362/index.php?id=393&type=2 HTTP/1.0" 200 7107 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; htt
68.142.251.104 - - [13/Oct/2005:13:45:53 +0200] "GET /testsite362/index.php?id=393&type=1 HTTP/1.0" 200 8574 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; htt
85.100.188.238 - - [13/Oct/2005:13:47:15 +0200] "GET / HTTP/1.1" 200 10134 "http://online-xanax.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
194.249.84.167 - - [13/Oct/2005:13:49:43 +0200] "GET / HTTP/1.1" 200 10134 "http://buy-alprazolam.drop.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5
85.104.185.144 - - [13/Oct/2005:13:50:40 +0200] "GET / HTTP/1.1" 200 10134 "http://hydrocodone.mysite.de/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.
85.101.24.84 - - [13/Oct/2005:13:52:18 +0200] "GET / HTTP/1.1" 200 10134 "http://phentermine-.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; S
65.36.241.79 - - [13/Oct/2005:13:54:15 +0200] "HEAD / HTTP/1.1" 200 - "-" "InternetSeer.com"
85.100.188.238 - - [13/Oct/2005:13:54:39 +0200] "GET / HTTP/1.1" 200 10134 "http://online-cialis.go.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
85.101.24.84 - - [13/Oct/2005:13:55:00 +0200] "GET / HTTP/1.1" 200 10134 "http://buy-cialis.hey.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1
195.225.246.147 - - [13/Oct/2005:13:57:39 +0200] "GET / HTTP/1.1" 200 10134 "http://sesso.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
85.101.24.84 - - [13/Oct/2005:13:58:54 +0200] "GET / HTTP/1.1" 200 10135 "http://hydrocodone.mysite.de/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
85.100.188.238 - - [13/Oct/2005:14:00:36 +0200] "GET / HTTP/1.1" 200 10135 "http://online-xanax.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
207.46.98.67 - - [13/Oct/2005:14:00:56 +0200] "GET /index.php?option=com_wrapper&Itemid=52 HTTP/1.0" 200 7375 "-" "msnbot/1.0 (+http://search.msn.com/msnbot
207.46.98.67 - - [13/Oct/2005:14:01:00 +0200] "GET /index.php?option=com_wrapper&Itemid=54 HTTP/1.0" 200 7234 "-" "msnbot/1.0 (+http://search.msn.com/msnbot
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free-nextel-ringtones.move.to/
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://penis-enlargement.move.to/" "W
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://cingular--ringtones.move.to/"
219.93.174.110 - - [13/Oct/2005:14:04:44 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://bedroom-furniture.move.to/" "W
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://buy-vicodin-order.move.to/" "W
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://buy-viagra-online-cheap.move.t
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free-nokia-ringtones.move.to/"
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://free--ringtones.move.to/" "Wge
219.93.174.110 - - [13/Oct/2005:14:04:44 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://verizon--ringtones.move.to/" "
219.93.174.110 - - [13/Oct/2005:14:04:43 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://download-free-ringtones.move.t
216.145.54.158 - - [13/Oct/2005:14:06:57 +0200] "GET / HTTP/1.1" 200 10135 "http://buy-viagra.hey.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; S
85.102.113.210 - - [13/Oct/2005:14:08:05 +0200] "GET / HTTP/1.1" 200 10135 "http://alprazolam.go.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV
85.100.188.238 - - [13/Oct/2005:14:12:28 +0200] "GET / HTTP/1.1" 200 10134 "http://online-xanax.get.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
195.225.246.147 - - [13/Oct/2005:14:15:16 +0200] "GET / HTTP/1.1" 200 10134 "http://online-fioricet.drop.to/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT


Re: Strange Apache access_log file

Posted: 2005-10-13 16:43
by Roger Wilco
Termi11 wrote: Unfortunately there are many such requests in the log, and the domain names mean nothing to me either. What could the problem be here?
What bothers you about it? Someone is simply sending an invalid Host header, and your Apache then just serves the index page of the first VirtualHost (hence status 200).

Re: Strange Apache access_log file

Posted: 2005-10-13 16:54
by termi11
Because a rather insignificant website is being accessed here.
The massive number of hits somehow surprises me....

Re: Strange Apache access_log file

Posted: 2005-10-24 12:01
by eru der eine
In my opinion (caution, I am not a professional), someone tried to abuse your server as a proxy.

Eru Der Eine

Re: Strange Apache access_log file

Posted: 2005-10-24 12:57
by termi11
Hmmm, but how could that be possible? The proxy module in apache2 is not enabled, and neither is squid (it is an Apache log file, after all)....!?

Re: Strange Apache access_log file

Posted: 2005-10-24 19:16
by Roger Wilco
Eru Der Eine wrote: In my opinion (caution, I am not a professional), someone tried to abuse your server as a proxy.
In my opinion: no. If an open proxy were to be exploited, the data would not be fetched via GET. CONNECT etc. would be used instead.
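
Added example, not part of the original thread: a Python script that parses Apache combined-log lines of the kind posted above and reports, per client IP, the request methods used and the number of distinct Referer values, so a log can be checked for CONNECT requests and for single clients cycling through many referers. The sample lines, addresses, hosts and agent strings are constructed for illustration, and the `min_referers` threshold is an assumption.

```python
import re
from collections import defaultdict

# Apache "combined" format; referer and agent are optional so that lines
# cut off mid-field (as in the posted excerpt) still parse.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)")?(?: "(?P<agent>[^"]*)")?'
)

# Constructed sample input: documentation IP ranges and .example hosts.
SAMPLE_LOG = '''\
192.0.2.10 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://ringtones-a.example/" "ExampleAgent/1.0"
192.0.2.10 - - [13/Oct/2005:13:44:16 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://ringtones-b.example/" "ExampleAgent/1.0"
192.0.2.10 - - [13/Oct/2005:13:44:17 +0200] "GET /chCounter/statistics.php?extensive=referers HTTP/1.0" 200 55947 "http://ringtones-c.example/" "Exam
192.0.2.20 - - [13/Oct/2005:13:44:56 +0200] "GET / HTTP/1.1" 200 10134 "http://pills-a.example/" "ExampleBrowser/4.0"
198.51.100.7 - - [13/Oct/2005:13:45:23 +0200] "GET /robots.txt HTTP/1.0" 200 286 "-" "ExampleBot/1.0"
198.51.100.9 - - [13/Oct/2005:13:54:15 +0200] "HEAD / HTTP/1.1" 200 - "-" "ExampleMonitor"
this line is not in combined log format
'''

def summarise(lines):
    """Return ({ip: {hits, methods, referers}}, number_of_unparsable_lines)."""
    stats = defaultdict(lambda: {"hits": 0, "methods": set(), "referers": set()})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped += 1
            continue
        entry = stats[m["ip"]]
        entry["hits"] += 1
        parts = m["request"].split()
        entry["methods"].add(parts[0] if parts else "")
        if m["referer"] not in (None, "", "-"):   # "-" means no Referer was sent
            entry["referers"].add(m["referer"])
    return dict(stats), skipped

def methods_seen(stats):
    """All request methods in the log, e.g. to check for CONNECT."""
    return sorted(set().union(*(s["methods"] for s in stats.values())))

def flag_clients(stats, min_referers=3):
    """IPs whose requests carried at least min_referers distinct Referer values."""
    return sorted(ip for ip, s in stats.items() if len(s["referers"]) >= min_referers)

if __name__ == "__main__":
    stats, skipped = summarise(SAMPLE_LOG.splitlines())
    print("methods:", methods_seen(stats), "unparsable lines:", skipped)
    print("many distinct referers:", flag_clients(stats))
```

To run it against a real file, pass `open("access_log")` to `summarise` in place of the sample lines.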