[TriLUG] Odd. Anyone else seeing this in their Apache logs?
Jon Carnes
jonc at nc.rr.com
Mon Jan 27 13:43:23 EST 2003
The GET may be the check to see if they are successful in breaking into
your system (putting information onto your system.
It's probably automated, since it is coming in with such a frequency.
It may be that they are trying to guess some access password.
You *could* create the document for them and see if the attempts stop,
but I think you should firewall those IP's off and attempt to report the
oddity. Keep in mind that if the activity is malicious then its
probably coming from a PC that has been shanghaied.
Keep us in the loop!
Jon
On Mon, 2003-01-27 at 11:15, Brian Daniels wrote:
> Since Tuesday the 21st I'm seeing requests for 'dfasfdsfdsf' in my Apache
> error logs.
>
> 17736 of them so far. (!)
>
> The requests are coming from a Sprint lv.sprint-hsd.net address and a
> Mindspring biz.mindspring.com address. We're getting 1-3 a minute.
>
> I'd think it was some sort of worm, but what can it hope to accomplish by
> trying to GET dfasfdsfdsf?
>
> --Brian
>
> --
> Question with boldness even the existence of a god;
> because if there be one he must approve of the
> homage of reason more than that of blindfolded fear.
>
> --Thomas Jefferson, Aug. 10, 1787
>
>
> Brian Daniels bitmage at bellsouth.net
> http://www.eviloverlord.net
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
> http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
More information about the TriLUG
mailing list