[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Apache logs

Subject: [cobalt-users] Apache logs
From: "Mark Remde" <mark@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sat Apr 7 08:36:07 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Reposted to users group:

I have recently noticed strange entries in my apache 
access logs:

WWW.********.COM 195.222.69.86 - - [29/Mar/2001:13:17:05 +0100] "GET http://ctc.pornoground.com/cgi-bin/ctc/ctc.cgi?47917758 HTTP/1.0" 302 235 "http://vikspix.com"; "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
WWW.********.COM 195.222.69.86 - - [29/Mar/2001:13:17:10 +0100] "GET http://WWW.********.COM /cobalt_error/fileNotFound.html HTTP/1.0" 404 - "http://vikspix.com"; "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

Where the my customer's virtual domain is replaced with
 WWW.********.COM. I do not host any of dodgy doamins 
mentioned above.

I at first thought that someone was trying to use this
server as a proxy, but there's too few hits for that 
- just half a dozen a night - every night.
I added this IP to hosts.deny, and also created a
hosts-deny rewrite rule for apache. That started
the 404's seen above, but didn't stop the hits.

Is there some exploit that allows someone to use 
a webserver in this way to generate clicks? How do I
prevent this? These nasty entries do not look good in
my clients web stats.

Any help appreciated.

Regards
Mark Remde

Follow-Ups:
- Re: [cobalt-users] Apache logs
  - From: flash22

Prev by Date: [cobalt-users] Portsentry installation problem...
Next by Date: [cobalt-users] Squid (Proxy) Reporting Tools
Previous by thread: [cobalt-users] PortSentry Installation for Newbies
Next by thread: Re: [cobalt-users] Apache logs

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index