Strange entries in the log file

blob

Guest
Today I found the following in the log file, which I can't explain at all, including the strange use of an IRC server on :6667. None of the IPs is mine. Is there anything to worry about here?

Code:
85.190.0.3 - - [26/Oct/2007:13:41:31 -0300] "CONNECT 213.92.8.7:31204 HTTP/1.0" 405 235 "-" "-"
85.190.0.3 - - [26/Oct/2007:13:41:31 -0300] "POST http://213.92.8.7:31204/ HTTP/1.0" 200 9409 "-" "-"
66.225.225.224 - - [26/Oct/2007:13:41:32 -0300] "POST http://194.109.153.2:6667/ HTTP/1.0" 200 9409 "-" "-"
66.225.225.224 - - [26/Oct/2007:13:41:32 -0300] "CONNECT 194.109.153.2:6667 HTTP/1.0" 405 235 "-" "-"
82.99.30.56 - - [26/Oct/2007:13:44:18 -0300] "GET /robots.txt HTTP/1.0" 200 37 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
85.190.0.3 - - [26/Oct/2007:13:48:21 -0300] "POST http://213.92.8.7:31204/ HTTP/1.0" 200 9409 "-" "-"
85.190.0.3 - - [26/Oct/2007:13:48:21 -0300] "CONNECT 213.92.8.7:31204 HTTP/1.0" 405 235 "-" "-"
66.225.225.224 - - [26/Oct/2007:13:48:22 -0300] "POST http://194.109.153.2:6667/ HTTP/1.0" 200 9409 "-" "-"
::1 - - [26/Oct/2007:13:48:24 -0300] "GET / HTTP/1.0" 200 9409 "-" "Apache/2.2.6 (Unix) DAV/2 PHP/5.2.4 (internal dummy connection)"
66.225.225.224 - - [26/Oct/2007:13:48:25 -0300] "CONNECT 194.109.153.2:6667 HTTP/1.0" 405 235 "-" "-"
85.190.0.3 - - [26/Oct/2007:13:57:40 -0300] "POST http://213.92.8.7:31204/ HTTP/1.0" 200 9409 "-" "-"
85.190.0.3 - - [26/Oct/2007:13:57:41 -0300] "CONNECT 213.92.8.7:31204 HTTP/1.0" 405 235 "-" "-"
::1 - - [26/Oct/2007:13:57:42 -0300] "GET / HTTP/1.0" 200 9409 "-" "Apache/2.2.6 (Unix) DAV/2 PHP/5.2.4 (internal dummy connection)"
66.225.225.224 - - [26/Oct/2007:13:57:42 -0300] "POST http://194.109.153.2:6667/ HTTP/1.0" 200 9409 "-" "-"
66.225.225.224 - - [26/Oct/2007:13:57:42 -0300] "CONNECT 194.109.153.2:6667 HTTP/1.0" 405 235 "-" "-"
 
Someone is looking for a misconfigured Apache that can be abused as a proxy. The IP addresses are the destination addresses that the connection is supposed to go to.

Check your Apache to see whether mod_proxy is configured correctly.
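
The check suggested in the reply above, run against the posted log, as an added example that is not part of the original thread: it flags proxy-style requests (CONNECT, or a full URL as the request target) and labels each by how the server answered. The name `classify`, the verdict labels and the size-matching heuristic (a 200 with the same byte count as the server's own page, here 9409, was answered locally rather than forwarded) are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: lines taken from the access log excerpt posted in the thread.
SAMPLE = '''85.190.0.3 - - [26/Oct/2007:13:41:31 -0300] "CONNECT 213.92.8.7:31204 HTTP/1.0" 405 235 "-" "-"
85.190.0.3 - - [26/Oct/2007:13:41:31 -0300] "POST http://213.92.8.7:31204/ HTTP/1.0" 200 9409 "-" "-"
66.225.225.224 - - [26/Oct/2007:13:41:32 -0300] "POST http://194.109.153.2:6667/ HTTP/1.0" 200 9409 "-" "-"
66.225.225.224 - - [26/Oct/2007:13:41:32 -0300] "CONNECT 194.109.153.2:6667 HTTP/1.0" 405 235 "-" "-"
82.99.30.56 - - [26/Oct/2007:13:44:18 -0300] "GET /robots.txt HTTP/1.0" 200 37 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
::1 - - [26/Oct/2007:13:48:24 -0300] "GET / HTTP/1.0" 200 9409 "-" "Apache/2.2.6 (Unix) DAV/2 PHP/5.2.4 (internal dummy connection)"
'''

# Captures client, method, request target, status and response size of a combined-format entry.
ENTRY = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

def classify(log_text, own_hosts=()):
    """Map client IP -> [(method, target, verdict)]; own_hosts are this server's names/IPs."""
    rows = [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]
    # Sizes of 200 responses to ordinary local paths: the reference for "served locally".
    local_sizes = {size for _, _, target, status, size in rows
                   if target.startswith("/") and status == "200"}
    findings = defaultdict(list)
    for ip, method, target, status, size in rows:
        if method == "CONNECT":
            host = urlsplit("//" + target).hostname   # authority-form: host:port
        elif re.match(r"[a-z][a-z0-9+.-]*://", target, re.I):
            host = urlsplit(target).hostname          # absolute-form: full URL
        else:
            continue                                  # origin-form: ordinary request
        if host in own_hosts:
            continue                                  # full URL pointing at this server
        if status.startswith("4"):
            verdict = "refused"                       # e.g. the 405 on CONNECT
        elif method != "CONNECT" and status == "200" and size in local_sizes:
            verdict = "served-local-page"             # same size as the server's own page
        else:
            verdict = "review"                        # may have been forwarded upstream
        findings[ip].append((method, target, verdict))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in classify(SAMPLE).items():
        for hit in hits:
            print(ip, *hit)
```

Any `review` verdict is the case to follow up by checking the `ProxyRequests` setting of mod_proxy; on the posted lines every probe comes out as `refused` or `served-local-page`.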
 
Nothing to worry about...

nslookup 85.190.0.3
3.0.190.85.in-addr.arpa name = proxyscan.freenode.net


Content of 'proxyscan.freenode.net':
"If you see portscans/abuse from 85.190.0.3 Please read http://freenode.net/policy.shtml#proxies"

Content of 'http://freenode.net/policy.shtml#proxies':
"Like many interactive networks, we've had our share of problems with denial-of-service attacks. As a result, we've had to develop a variety of measures to reduce the impact of such attacks. freenode may block access to users whose IRC clients run on hosts with open proxies, IIS servers or other categories of software determined to present special risk to our server environment. We reserve the right to use automation to attempt to detect such software on your host, as you connect to our servers, while you remain connected to the network and on occasion during post-connection analysis. Your use of the network signifies your acceptance."
 