Re: apache being hit

• Previous message: Dipl.Ing. Alexander Patuzzi: "Problems during installation of base system"
• In reply to: Dan Roozemond: "RE: apache being hit"
• Next in thread: Roberto Winter: "Re: apache being hit"
• Reply: Roberto Winter: "Re: apache being hit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 09 Nov 2004 17:57:39 +0100
To: debian-user@lists.debian.org

Hi,

>>Er... sorry to all, but I just noticed that I am STILL getting a lot
>>of requests (sorry for marking this as solved!... my mistake).
>
>
> Maybe some of the websites 'abusing' you still have you listed as an open
> proxy. This would mean the requests are made, but not succesfully answered
> by your server.
>
> For example, you should worry if your access log shows:
>
> 10.0.0.31 - - [09/Nov/2004:17:27:01 +0100] "GET /apache2-default/ HTTP/1.1"
> 200 1969 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
> CLR 1.1.4322)"
>
> Since the '200' after the request (the GET) means succesfull.
>
> However, you should not worry if your access log shows:
>
> 193.147.68.144 - - [09/Nov/2004:02:14:22 +0100] "GET
> /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 346 "-" "-"
> 193.147.68.141 - - [09/Nov/2004:08:16:54 +0100] "GET
> /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 346 "-" "-"
>
> Since the '404' after the request (the GET) means failed.

that's right! 404 is the correct result code, if they are still trying
to use your server as a proxy. Don't be scared, that's normal...

You can also test this by yourself by using telnet. Just do this:

        telnet your.server.ip 80

You will then receive this:

        Trying your.server.ip...
        Connected to your.server.ip.
        Escape character is '^]'.

After this enter the following:

        GET http://www.google.com HTTP/1.0

Now press enter twice! You will then receive HTML-Code, but
not the one from google ;O)

You will receive your standard 404 error page and so always
the same for all requests of this kind. You can also see in
the logfile after the result code 404 the size (bytes) of
the response from your server. This should now always be the
same and if you compare this to your earlier logs, you'll
see the difference.

Mathias

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: Dipl.Ing. Alexander Patuzzi: "Problems during installation of base system"
• In reply to: Dan Roozemond: "RE: apache being hit"
• Next in thread: Roberto Winter: "Re: apache being hit"
• Reply: Roberto Winter: "Re: apache being hit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]