web server attack
fbsd_user
fbsd_user at a1poweruser.com
Thu Apr 6 21:39:04 UTC 2006
Posted this at 11am and now its 5:30pm and still have not seen this
post return from the list mailer. So posting it again.
In my httpd-access.log I have started receiving a lot of these.
Looks like some kind of attack to me.
This first showed up in my log on April fools day 4/1/06 and
get 4 per hour since then.
The IP address changes every time I add it to firewall rules to
block.
Does anyone know what this is and what I can do to stop it
besides adding the ip address to my firewall block rules?
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:25 -0400]
"\x04\x01" 200 0 "-" "-"
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400]
"\x05\x01" 200 0 "-" "-"
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400]
"CONNECT 4.79.181.15:25 HTTP/1.1" 200 7014 "-" "-"
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:46 -0400]
"GET http://www.ebay.com/ HTTP/1.1" 200 7014 "-" "Mozilla/4.0
(compatible; MSIE 5.00; Windows 98)"
More information about the freebsd-questions
mailing list