Linux.com

Mystery infestation strikes Linux/Apache Web sites

Posted by: Anonymous [ip: 75.165.41.202] on February 03, 2008 03:31 PM
strange stuff in my log

Any ideas what this is? There are a bunch of these; it looks like someone is using/spoofing IPv6 to access my server. The strange thing is the server does not have an IPv6 address.

::1 - - [14/Jan/2008:17:52:14 -0000] "GET / HTTP/1.0" 200 2037

Another strange entry, perhaps trying to see if my server is a proxy?
85.190.0.3 - - [15/Jan/2008:19:12:55 -0000] "CONNECT 213.92.8.7:31204 HTTP/1.0" 405 288
85.190.0.3 - - [15/Jan/2008:19:12:55 -0000] "POST http://213.92.8.7:31204/ HTTP/1.0" 404 261
85.190.0.3 - - [16/Jan/2008:23:31:47 -0000] "CONNECT 213.92.8.7:31204 HTTP/1.0" 405 288
85.190.0.3 - - [16/Jan/2008:23:31:47 -0000] "POST http://213.92.8.7:31204/ HTTP/1.0" 404 261
85.190.0.3 - - [17/Jan/2008:03:15:22 -0000] "CONNECT 213.92.8.7:31204 HTTP/1.0" 405 288
85.190.0.3 - - [17/Jan/2008:03:15:22 -0000] "POST http://213.92.8.7:31204/ HTTP/1.0" 404 261


Sorry the formatting is all screwed up; this forum software is in dire need of improvement. The log entries start with 85.190. I have not changed the IPs; I do not wish to protect the guilty. This was from a dev/test server; there should be no one on it other than myself. -- codeslinger
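
The entries quoted in the post above show three recognizable patterns: a loopback client address (::1 is the IPv6 loopback address), CONNECT requests, and requests whose target is an absolute URL. The Python triage below is an added example, not part of the original post; the function names and the last sample line (documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)
ABSOLUTE_URI = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

def classify(line):
    """Return a list of findings for one access-log line ([] if unremarkable)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparsed"]
    findings = []
    try:
        if ipaddress.ip_address(m["host"]).is_loopback:
            findings.append("loopback-client")  # request originated on this host
    except ValueError:
        pass  # the log holds a hostname rather than an address
    kind = None
    if m["method"].upper() == "CONNECT":
        kind = "connect"
    elif ABSOLUTE_URI.match(m["target"]):
        kind = "absolute-uri"
    if kind:
        # A 2xx does not prove relaying (the server may have answered with a
        # local page), but it is the case to check against the proxy config.
        outcome = "review" if 200 <= int(m["status"]) < 300 else "refused"
        findings.append(f"proxy-request:{kind}:{outcome}")
    return findings

def scan(lines):
    """Map each client host to the sorted set of findings seen for it."""
    report = {}
    for line in lines:
        found = classify(line)
        if found:
            report.setdefault(line.split(" ", 1)[0], set()).update(found)
    return {host: sorted(f) for host, f in report.items()}

SAMPLE = [  # first three lines are from the post; the last one is constructed
    '::1 - - [14/Jan/2008:17:52:14 -0000] "GET / HTTP/1.0" 200 2037',
    '85.190.0.3 - - [15/Jan/2008:19:12:55 -0000] "CONNECT 213.92.8.7:31204 HTTP/1.0" 405 288',
    '85.190.0.3 - - [15/Jan/2008:19:12:55 -0000] "POST http://213.92.8.7:31204/ HTTP/1.0" 404 261',
    '192.0.2.10 - - [01/Jan/2008:00:00:00 -0000] "CONNECT 198.51.100.7:443 HTTP/1.0" 200 -',
]

if __name__ == "__main__":
    for host, found in scan(SAMPLE).items():
        print(host, found)
```

In the quoted entries every proxy-style request was answered with 405 or 404, which this triage reports as refused.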
