Greetings:

I've noticed something very weird in the Apache access_log. I'm not
sure what these entries mean. Could someone help me out? We're running
Apache on a Mac OS X Server.

The entries occurred on April 20 and 24. I'm not sure why the server
would return an HTTP return code of 200 on these requests.

61.182.133.232 - - [20/Apr/2004:08:56:09 -0600] "GET
http://bliao.com/?USER=000&PASS=000 HTTP/1.1" 200 1456\
61.182.133.232 - - [20/Apr/2004:08:56:11 -0600] "GET
http://bliao.com/?USER=000&PASS=000 HTTP/1.1" 200 1758\
61.182.133.232 - - [20/Apr/2004:08:56:12 -0600] "GET
http://bliao.com/?USER=000&PASS=000 HTTP/1.1" 200 4668\
61.182.133.232 - - [20/Apr/2004:08:56:12 -0600] "GET
http://bliao.com/?USER=000&PASS=000 HTTP/1.1" 200 662\


220.113.34.72 - - [24/Apr/2004:17:00:10 -0600] "GET
http://www.yahoo.com/ HTTP/1.1" 200 662\
220.113.34.72 - - [24/Apr/2004:17:00:10 -0600] "GET
http://www.yahoo.com/ HTTP/1.1" 200 1758\
220.113.34.72 - - [24/Apr/2004:17:00:10 -0600] "GET
http://www.yahoo.com/ HTTP/1.1" 200 4668\
220.113.34.72 - - [24/Apr/2004:17:00:13 -0600] "GET
http://www.yahoo.com/ HTTP/1.1" 200 1456\

Thanks,
Jeff

[ Post a follow-up to this message ]

"Jeffrey Keil" <keilj_33@yahoo.com> schreef in bericht
news:67f6bbe5.0404261235.53a16172@posting.google.com...
> I've noticed something very weird in the Apache access_log. I'm not
> sure what these entries mean. Could someone help me out? We're running
> Apache on a Mac OS X Server.
> The entries occurred on April 20 and 24. I'm not sure why the server
> would return an HTTP return code of 200 on these requests.
It's just responding Ok on a request and served the opening page of your
site|server

> 61.182.133.232 - - [20/Apr/2004:08:56:09 -0600] "GET
> http://bliao.com/?USER=000&PASS=000 HTTP/1.1" 200 1456\
> 61.182.133.232 - - [20/Apr/2004:08:56:11 -0600] "GET
> http://bliao.com/?USER=000&PASS=000 HTTP/1.1" 200 1758\
> 61.182.133.232 - - [20/Apr/2004:08:56:12 -0600] "GET
> http://bliao.com/?USER=000&PASS=000 HTTP/1.1" 200 4668\
> 61.182.133.232 - - [20/Apr/2004:08:56:12 -0600] "GET
> http://bliao.com/?USER=000&PASS=000 HTTP/1.1" 200 662\

> 220.113.34.72 - - [24/Apr/2004:17:00:10 -0600] "GET
> http://www.yahoo.com/ HTTP/1.1" 200 662\
> 220.113.34.72 - - [24/Apr/2004:17:00:10 -0600] "GET
> http://www.yahoo.com/ HTTP/1.1" 200 1758\
> 220.113.34.72 - - [24/Apr/2004:17:00:10 -0600] "GET
> http://www.yahoo.com/ HTTP/1.1" 200 4668\
> 220.113.34.72 - - [24/Apr/2004:17:00:13 -0600] "GET
> http://www.yahoo.com/ HTTP/1.1" 200 1456\

At the client some crooked DNS or host table is misdirecting these two
domains to your IP.

YM2CT

HansH

[ Post a follow-up to this message ]

HansH wrote:
> "Jeffrey Keil" <keilj_33@yahoo.com> schreef in bericht
> news:67f6bbe5.0404261235.53a16172@posting.google.com... 
> It's just responding Ok on a request and served the opening page of
> your site|server
> 
> 
>
> At the client some crooked DNS or host table is misdirecting these two
> domains to your IP.

Or perhaps trying to use his server asa proxy. (Apache can be configured
to act as one and this person or persons could be tesing.)

--
Trent Curry - trentcurryReMoVe@rEmOvEhotmail.com

[ Post a follow-up to this message ]

keilj_33@yahoo.com (Jeffrey Keil) wrote in message news:<67f6bbe5.0404261235.53a16172@postin
g.google.com>...
> Greetings:
>
> I've noticed something very weird in the Apache access_log. I'm not
> sure what these entries mean. Could someone help me out? We're running
> Apache on a Mac OS X Server.
>
> The entries occurred on April 20 and 24. I'm not sure why the server
> would return an HTTP return code of 200 on these requests.

>
> 220.113.34.72 - - [24/Apr/2004:17:00:10 -0600] "GET
> http://www.yahoo.com/ HTTP/1.1" 200 662\

See:
http://httpd.apache.org/docs/misc/FAQ.html#proxyscan

Joshua.

[ Post a follow-up to this message ]