Posted to users@httpd.apache.org by Errol Neal <en...@dfi-intl.com> on 2006/06/26 16:19:11 UTC

[users@httpd] Logs indicating something not right!

I think my server is being used as a proxy of some sort, but I cannot tell
how.

<VirtualHost *:80>
    ServerName XXXXXXXXXXXXXXXX
    CustomLog "|/usr/local/sbin/cronolog /srv/www/dhstracking/logs/%Y-%m-%d-XXXXXXXXXXXXXXX.log" combined
    DocumentRoot /srv/www/dhstracking/wwwroot
    HostnameLookups Off
    UseCanonicalName Off
    ServerSignature On
    
    DirectoryIndex login.do
    LoadModule rewrite_module /usr/lib64/apache2-prefork/mod_rewrite.so
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteLog "rewrite.log"
    RewriteRule /(.*) https://XXXXXXXXXXXX.com/$1 [R,L]

    <Location "/META-INF/">
        AllowOverride None
        deny from all
    </Location>
    <Location "/WEB-INF/">
        AllowOverride None
        deny from all
    </Location>
 
</VirtualHost>

I've posted my logs to an external URL.
http://www.dfi-intl.com/~hidden/suspectlogs.txt.
Essentially, my logs show hits for paths, URLs and files not even hosted
on my box. Is my redirect too wide open?


__________________________________________
Errol Uriel Neal Jr.
Sr. Network Administrator
DFI International, Inc.
1717 Pennsylvania Ave NW, Suite 1300
Washington, DC  20006
Tel (202)452-6955
Fax (202)452-6910
eneal@dfi-intl.com
www.dfi-intl.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Logs indicating something not right!

Posted by Pid <p...@pidster.com>.

Joshua Slive wrote:
> On 6/26/06, Errol Neal <en...@dfi-intl.com> wrote:
> 
>> I've posted my logs to an external URL.
>> http://www.dfi-intl.com/~hidden/suspectlogs.txt.
>> Essentially, my logs show hits for paths, URLs and files not even hosted
>> on my box. Is my redirect too wide open?
> 
> I don't think these logs show anything particularly concerning.  Yes,
> someone is trying to hack into your server.  This happens all the time
> to every server on the Internet.  But you are just returning redirects
> to your other website.  I don't see how that could be a problem.

To be clear, you are not being singled out as a target.
It's more likely that an infected machine is conducting an automated
attack sequence by scanning for IPs with a port 80 service, and then
trying its luck.

> Joshua.
> 


Re: [users@httpd] Logs indicating something not right!

Posted by Joshua Slive <jo...@slive.ca>.

On 6/26/06, Errol Neal <en...@dfi-intl.com> wrote:

> I've posted my logs to an external URL.
> http://www.dfi-intl.com/~hidden/suspectlogs.txt.
> Essentially, my logs show hits for paths, URLs and files not even hosted
> on my box. Is my redirect too wide open?

I don't think these logs show anything particularly concerning.  Yes,
someone is trying to hack into your server.  This happens all the time
to every server on the Internet.  But you are just returning redirects
to your other website.  I don't see how that could be a problem.

Joshua.
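
Added example, not part of the original thread and not code from any poster: one way to check a combined-format access log for the proxy-style requests discussed above (an absolute URI or CONNECT in the request line) and to separate those the server answered with a redirect or error from those it answered with 2xx. The sample lines, addresses and hostnames are constructed, and the verdict labels are this example's own.

```python
import re
from collections import Counter

# Apache "combined" format: %h %l %u %t "%r" %>s %b "Referer" "User-Agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
)
ABSOLUTE_URI = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)

# Constructed sample lines (documentation addresses and hostnames).
SAMPLE = [
    '192.0.2.10 - - [26/Jun/2006:10:01:02 -0400] "GET http://other.example/ad.php HTTP/1.0" 302 310 "-" "-"',
    '192.0.2.11 - - [26/Jun/2006:10:01:05 -0400] "CONNECT mail.example:25 HTTP/1.0" 405 120 "-" "-"',
    '192.0.2.12 - - [26/Jun/2006:10:01:09 -0400] "GET /login.do HTTP/1.1" 302 290 "-" "Mozilla/4.0"',
    '192.0.2.13 - - [26/Jun/2006:10:01:15 -0400] "GET http://other.example/ HTTP/1.1" 200 5120 "-" "-"',
]

def classify(line):
    """Return (kind, verdict) for one log line, or None if it does not parse."""
    m = COMBINED.match(line)
    if not m:
        return None
    parts = m.group("request").split()
    method = parts[0].upper() if parts else ""
    target = parts[1] if len(parts) > 1 else ""
    status = int(m.group("status"))
    if method == "CONNECT":
        kind = "proxy-connect"
    elif ABSOLUTE_URI.match(target):
        kind = "proxy-absolute-uri"
    else:
        return ("origin-form", "normal")
    # A 3xx/4xx/5xx means the request was redirected or refused, not relayed.
    # A 2xx does not prove relaying either, but it is the case worth a closer look.
    verdict = "investigate" if 200 <= status < 300 else "refused-or-redirected"
    return (kind, verdict)

def summarize(lines):
    """Count log lines per (kind, verdict); unparsable lines are counted too."""
    counts = Counter()
    for line in lines:
        counts[classify(line) or ("unparsed", "unparsed")] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```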
