homepage Welcome to WebmasterWorld Guest from 54.166.95.146
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Hacking Attempt - Should I take specific action?
Is default blocking enough?
bottlehall




msg:3616774
 4:28 am on Apr 2, 2008 (gmt 0)

Hi

For some months, I've been getting these or very similar appearing in my logs at the rate of 1-4 per day:

125.65.112.192 - - [30/Mar/2008:13:45:29 +0100] "GET [wantsfly.com...] HTTP/1.0" 404 287 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

What is the point of this request? The GET URI has absolutely nothing to do with either my site (wantsfly.com and the originating IP are both from mainland China).

Should I block everything from this IP just to be on the safe side?

If so, is a rewrite rule the best way to go?

Thanks for any help/info you can give.

Nick

 

Romeo




msg:3617053
 12:35 pm on Apr 2, 2008 (gmt 0)

What is the point of this request?

Seems to be no big deal.
Someone requesting a page that your server doesn't have and sending back a 404.
Do you really need to know more?

It could be anything.
A log spammer? A kiddie? An ill-behaving bot? A ........ (insert other possibilities here)?

Just ignore it.
Or block it, if you find it worth to do so, and if the parameters (like the IP address) remain constant.
And, of course, do not visit the advertized URL.

This is not hacking.

Kind regards,
R.

jdMorgan




msg:3617147
 2:09 pm on Apr 2, 2008 (gmt 0)

This is a probe to see if your server can be used as a proxy. Luckily, it failed.

Note the full canonical address in the Request-URL field, instead of the normal server-relative URL-path. This is very easy to detect, so you can return a 403-Forbidden response if you like.

Jim

bottlehall




msg:3617500
 8:07 pm on Apr 2, 2008 (gmt 0)

Hi

Thanks for the response. What would be the benefit of knowing that my server could be used as a proxy. Presumably something nefarious!

BW

Nick

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved