I have a small web server running.
In checking the logs I see entries like:
202.102.145.162 - - [26/May/2001:07:17:36 -0400] "GET http://www.ebay.com/ HTTP/1.1" 401 484
61.137.62.80 - - [27/May/2001:10:08:22 -0400] "GET http://www.adm.com/ HTTP/1.1" 401 484
61.134.126.138 - - [29/May/2001:14:51:52 -0400] "GET x HTTP/1.0" 400 331
211.163.26.27 - - [30/May/2001:06:20:33 -0400] "GET http://www.s3.com/ HTTP/1.1" 401 484
and in my error_log
[Tue May 29 14:51:52 2001] [error] [client 61.134.126.138] Invalid URI in request GET x HTTP/1.0
[Wed May 30 07:29:44 2001] [error] (22)Invalid argument: getsockname
The setup is: when our IP is hit with a port 80 request, a username/password box appears.
My questions are:
1. Why are there URLs in the GETs? I tried playing: if I typed in the URL as a filename, i.e.
http://our.ip.address/http://www.ebay.com
then the log would show "GET /http://www.ebay.com....". How did the GET get that URL?
2. The getsockname error occurred, but there is no corresponding access log entry for that time frame.
I didn't find anything in the Apache man files or the tutorials to explain these entries as I see them in the logs.
Any ideas on what these are? Is this some kind of exploit?
Thanks.
George Gallen
Senior Programmer/Analyst
Accounting/Data Division
ggallen_at_slackinc.com
ph:856.848.1000 Ext 220
SLACK Incorporated - An innovative information, education and management
company
http://www.slackinc.com
Received on Wed May 30 2001 - 16:08:24 NZST
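
An added example, not part of the original post: a Python classifier for access-log entries like those quoted above, separating absolute-URI request targets (the form an HTTP client sends when it addresses a proxy) from ordinary path requests and malformed ones. The function names, the `OWN_HOSTS` placeholder and the last sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache common log format: host ident user [time] "request line" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) \S+$')
SCHEME = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')

def classify(request_line, own_hosts):
    """Return (kind, host) for the quoted request line of one log entry."""
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "malformed", None
    target = parts[1]
    if SCHEME.match(target):
        # Absolute-URI form: what a client sends when it treats the server as a proxy.
        host = (urlsplit(target).hostname or "").lower()
        return ("absolute-own" if host in own_hosts else "absolute-foreign"), host
    if target.startswith("/") or target == "*":
        return "origin-form", None
    return "malformed", None  # e.g. "GET x HTTP/1.0", logged above with status 400

def scan(lines, own_hosts):
    """Parse access-log lines into (client, kind, host, status) tuples."""
    rows = []
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # not a common-log-format line
        client, _when, request, status = m.groups()
        kind, host = classify(request, own_hosts)
        rows.append((client, kind, host, int(status)))
    return rows

def not_refused(rows):
    """Foreign absolute-URI requests answered below 400 merit a manual look."""
    return [r for r in rows if r[1] == "absolute-foreign" and r[3] < 400]

# The first four lines are the entries quoted in the post; the last is constructed.
SAMPLE = [
    '202.102.145.162 - - [26/May/2001:07:17:36 -0400] "GET http://www.ebay.com/ HTTP/1.1" 401 484',
    '61.137.62.80 - - [27/May/2001:10:08:22 -0400] "GET http://www.adm.com/ HTTP/1.1" 401 484',
    '61.134.126.138 - - [29/May/2001:14:51:52 -0400] "GET x HTTP/1.0" 400 331',
    '211.163.26.27 - - [30/May/2001:06:20:33 -0400] "GET http://www.s3.com/ HTTP/1.1" 401 484',
    '192.0.2.10 - - [30/May/2001:08:00:00 -0400] "GET /index.html HTTP/1.0" 401 484',
]
OWN_HOSTS = {"our.ip.address"}  # assumption: placeholder for the server's own names

if __name__ == "__main__":
    for row in scan(SAMPLE, OWN_HOSTS):
        print(row)
    print("needs review:", not_refused(scan(SAMPLE, OWN_HOSTS)))
```

On the sample, the three absolute-URI requests name hosts other than the server and were all answered 401, so `not_refused` returns nothing.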