Forum Moderators: phranque

something wrong?

yecoyote

4:07 am on Mar 30, 2006 (gmt 0)

10+ Year Member



I have a local site for use only in my office, but for a few days we have had a lot of traffic, so I checked access_log and found this:

200.103.**218 - - [28/Mar/2006:07:22:54 -0800] "GET http://200.198.**.181:80/carrxigo.php?id=5184&a=&d=822&r=454656&sec=71286372 HTTP/1.1" 200 317 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.0)"

69.92.*.3 - - [28/Mar/2006:07:22:55 -0800] "GET http://a38.x.akamai.net/nxx.login.dcn.yahoo.com//?room=''''''''''''''''&ayb=btu&identity=c0der&client=Java2&.done=chat.yahoo.com&login=palo_&.done=&passwd=x*z HTTP/1.0" 200 8002 "http://login.t*e.yahoo.com/config/login" "-"

70.49.*.194 - - [28/Mar/2006:07:22:55 -0800] "GET http://us.js1.yimg.com/login.india.yahoo.com/config/login?login=riv*&passwd=*ci* HTTP/1.0" 200 4426 "http://www.yahoo.com/" "-"

221.205.**.94 - - [28/Mar/2006:07:22:58 -0800] "GET http://verify.example.com/getimage?0.04757835627308335 HTTP/1.1" 200 295 "http://game.example.com/show/l4show.shtml" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

72.152.***.209 - - [28/Mar/2006:07:22:57 -0800] "GET http://209.73.***.9/?.intl=b5&login=Terii&passwd=1*2*4*6&.done=http://china.brief.yahoo.com/b*//home HTTP/1.0" 999 4443 "-" "-"

219.153.*.110 - - [28/Mar/2006:07:23:01 -0800] "GET http://61.128.***.67:7000 HTTP/1.1" 502 414 "http://www.baidu.com" "mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1;Windows 5.5;Windows 6.0)"

61.129.**.114 - - [28/Mar/2006:07:22:58 -0800] "GET http://union.example.com/proxy/widead.jsp?wid=13*89&cid=26*88 HTTP/1.1" 200 893 "http://example.info" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; SV1; Maxthon)"

87.11.**.31 - - [28/Mar/2006:07:22:56 -0800] "GET http://pn.p*.scd.yahoo.com/big_skip HTTP/1.0" 200 12298 "-" "-"

71.193.**.192 - - [28/Mar/2006:07:23:01 -0800] "GET http://a***.f.akamai.net/edit1.client.vip.s*n.yahoo.com/client/clogin?login=sta_8n&response=0d1fg3fd14867ef863172eae75aa8085&challenge=HhmGrn~pZqu3eTkNQHeS4hs2Qicz&version=1n HTTP/1.0" 200 4200 "http://login.tp*.yahoo.com/config" "-"

Why do I have IPs that are not in my office accessing my httpd, coming from (REFERRER) many ways and going to many sites that are not in my office?

Last night I changed the real IP of my server and they did not appear in my access_log again, but this morning it looks like they have come back again.

Have I been attacked by a hacker, or is this normal?

Please help me. I'm a newbie and don't know much about servers. I have searched Google but still have no solution to this problem.

Thanks

[edited by: jdMorgan at 4:37 am (utc) on Mar. 30, 2006]
[edit reason] Delinked, Obscured specifics. Please see Terms of Service. [/edit]

jdMorgan

4:40 am on Mar 30, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



yecoyote,

Welcome to WebmasterWorld!

From what I can see:

1) You do not have a firewall on this server. You need one.
2) Your server is configured as an open proxy. Disable the proxy function. See Apache mod_proxy [httpd.apache.org] for details.

Jim

yecoyote

8:07 am on Mar 30, 2006 (gmt 0)

10+ Year Member



Thank you, jdMorgan, for the reply.

1. I already have a firewall. I use Shorewall on Mandrake.
2. I will try to disable the proxy.

And I have another question.
I found this in httpd.conf:


RewriteEngine on
RewriteRule ^proxy:.* - [F]
RewriteRule ^(.*\/perl\/.*)$ http://%{HTTP_HOST}:8200$1 [P]
RewriteRule ^(.*\/cgi-perl\/.*)$ http://%{HTTP_HOST}:8200$1 [P]

Do I have to comment out "RewriteRule ^proxy:.* - [F]" here too?

jdMorgan

4:03 pm on Mar 30, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You'll need to add

ProxyRequests off

to your httpd.conf file.

Note that this disables forward proxies, but does not affect reverse proxies. So your functions in .htaccess should still work. Again, see the link I posted above.

Also take a look at your firewall settings, since these bad requests should not have been allowed to reach your server.

Jim
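
One way to check an access_log for the forward-proxy requests discussed in this thread, as an added example that is not part of any poster's message. The OWN_HOSTS values and the sample log lines are constructed assumptions, and the status-code test is a heuristic rather than proof that a request was relayed.

```python
import re
from urllib.parse import urlsplit

# Names/addresses this server legitimately answers for (assumed values).
OWN_HOSTS = {"intranet.example.com", "192.0.2.10"}

# Apache common/combined log format up to the status and size fields.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def classify(line, own_hosts=OWN_HOSTS):
    """Return a dict for a forward-proxy style request, None otherwise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, target = m["method"], m["target"]
    if method == "CONNECT":                      # CONNECT host:port
        host = target.rsplit(":", 1)[0].lower()
    elif target.lower().startswith(("http://", "https://")):
        host = urlsplit(target).hostname or ""   # absolute-URI request target
    else:
        return None                              # ordinary /path request
    if host in own_hosts:
        return None      # absolute URI naming this server is valid HTTP/1.1
    status = int(m["status"])
    # Heuristic: anything but a 4xx refusal suggests httpd acted on the request
    # (502/504 = it tried the remote host and failed). Confirm by response size.
    return {"client": m["client"], "host": host, "status": status,
            "acted_on": not 400 <= status < 500}

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines using documentation addresses (not from the thread).
SAMPLE = [
    '192.0.2.55 - - [28/Mar/2006:07:22:54 -0800] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    '198.51.100.23 - - [28/Mar/2006:07:22:55 -0800] "GET http://www.example.org/login?x=1 HTTP/1.0" 200 4426 "-" "-"',
    '203.0.113.9 - - [28/Mar/2006:07:22:58 -0800] "GET http://203.0.113.77:7000 HTTP/1.1" 502 414 "-" "-"',
    '198.51.100.40 - - [28/Mar/2006:07:23:01 -0800] "CONNECT mail.example.net:25 HTTP/1.0" 403 210 "-" "-"',
    '192.0.2.60 - - [28/Mar/2006:07:23:02 -0800] "GET http://intranet.example.com/page HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```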

yecoyote

2:35 am on Mar 31, 2006 (gmt 0)

10+ Year Member



Thank you very much.