[nSLUG] Curious httpd log entries...
synrg at sanctuary.nslug.ns.ca
Fri Aug 12 08:51:29 ADT 2005
On Fri, 2005-08-12 at 08:17 -0300, David Potter wrote:
> I'm starting to get a number of what, to me, are a few curious entries
> in my httpd log. (httpd-2.0.52-3.1)
> I believe that: they are from related sites (the ip numbers are close)
> - however they appear to be coming from different computers (the
> browsers appear to be different versions) and, ...I can't figure out how
> the request is finding it's way to this machine.
> A sample of the log with a little more info is located at:
I'm not sure how you get a request destined for another site in your
access.log. Proxied through your web server? (That would be very bad
indeed, and would indicate a security problem you need to fix.)
Spoofed? (Not so bad: just block these guys and worry no more.)
It's pretty clear they're known spammers, though.
More information about the nSLUG