[nSLUG] Curious httpd log entries...

Ben Armstrong synrg at sanctuary.nslug.ns.ca
Fri Aug 12 08:51:29 ADT 2005


On Fri, 2005-08-12 at 08:17 -0300, David Potter wrote:
> I'm starting to get a number of what, to me, are a few curious entries 
> in my httpd log.  (httpd-2.0.52-3.1)
> 
> I believe that: they are from  related  sites (the ip numbers are close) 
> - however they appear to be coming from different computers (the 
> browsers appear to be different versions) and, ...I can't figure out how 
> the request is finding it's way to this machine.
> 
> A sample of the log with a little more info is located at: 
> http://davidpotter.ns.ca/q1/

I'm not sure how you get a request destined for another site in your
access.log.  Proxied through your web server? (That would be very bad
indeed, and would indicate a security problem you need to fix.)
Spoofed?  (Not so bad: just block these guys and worry no more.)

It's pretty clear they're known spammers, though.

http://groups.google.com/group/news.admin.net-abuse.email/browse_frm/thread/f4e69f3de9dd78be/b1447b4482472444?lnk=st&q=directtrack+spamhaus&rnum=1#b1447b4482472444

Ben

!DSPAM:42fc8d55144421506113296!




More information about the nSLUG mailing list