[ale] stupid question to the apache experts
Wandered Inn
esoteric at denali.atlnet.com
Thu Aug 23 08:17:53 EDT 2001
greg at turnstep.com wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > Going through my log just now and I see a GET to a fully qualified
> > url that is in no way related to my site. Anyone explain to me how
> > this could happen? A screwed up dns? Why wouldn't this show up in
> > my error_log?
>
> Could be the Code Red [123] Worm. If the entry is a request for
> "default.ida" with a whole bunch of garbage afterwards, it's
> the worm. Of course, as an Apache user you have nothing at
> all to worry about. :) Check the fourth to last field for the code
> that the browser returned. If it's a 400 series, then you should
> also have a line in the error_log. (This code comes right after
> the GET request.) For example, here are two recent entries
> from my access_log:
It's not code red, I've come to recognize those puppies. I've been
keeping track of those to see when it starts to subside.
I thought I had figured it out as I can get something similar by
requesting: http://nocturnal-aviation.net/http://www.spedia.net although
it presents the GET with an extra '/' in front of the url, so it's not
exact. Here's the full line from the access_log:
202.109.96.131 - - [22/Aug/2001:07:20:37 -0400] "GET
http://www.spedia.net/ HTTP/1.1" 200 717 "-" "Mozilla/4.0 (compatible;
MSIE 4.01; Windows 98)"
As noted, I can reproduce something similar by doing the following in a
browser:
http://nocturnal-aviation.net/http://www.spedia.net
although this presents "GET /http://www.spedia.net" . Note, the extra
'/' following the GET. I can't for the life of me figure out how that
access got logged. Weird. Also, there wasn't anything generated in my
error_log for the access_log entry in question, whereas there is when I
try my partial 'reproduction.'
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
--
Until later: Geoffrey esoteric at denali.atlnet.com
"I don't want a Microsoft Passport, and Microsoft can't have my wallet."
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list