weird logs, possible hacking attempt?!?

Forum Moderators: DixonJones

Message Too Old, No Replies

weird logs, possible hacking attempt?!?

need to worry?

tito

6:08 pm on Feb 2, 2004 (gmt 0)

hello,

i noticed the following logs today:

ns1.domain.net 172.****.xxx.xxx - - [02/Feb/2004:09:51:21 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "-"
www.domain.net 172.xxx.xxx.xxx - - [02/Feb/2004:09:51:21 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "-"
www.domain2.org 172.xxx.xxx.xxx - - [02/Feb/2004:09:51:21 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "-"
www.domain3.net xxx.xxx.xxx.xxx - - [02/Feb/2004:09:51:24 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "-"

please, what does it mean? an hacking attempt?
what worries me is that 200 response code = found.

will be useful to ban that IP on my htaccess?!?

thanks for replies.
tito

Dreamquick

6:55 pm on Feb 2, 2004 (gmt 0)

OPTIONS is part of the HTTP specification, but you don't normally see that many browser-based requests using it since as far as I'm aware it's not something that regular browsers do.

Windows XP uses it in LAN enviroments (as part of the LDAP support I believe), but if you aren't in a LAN enviroment we can rule that one out.

The only other reason I could think it would be used is if someone wanted to see what actions your webserver supports, possibly because they are looking for proxy functionality of some description.

- Tony

tito

8:06 pm on Feb 2, 2004 (gmt 0)

Thanks Dreamquick