Apache access log shows these attack requests

Chuck Swiger cswiger at mac.com
Tue Jun 12 23:38:38 UTC 2007


On Jun 12, 2007, at 2:58 PM, Bob wrote:
>  I all ready have Apache mod_proxy commented out in httpd.conf and  
> there is
> no php stuff installed in system.

Your logfile lines seemed to be oddly truncated, so it's a bit hard  
to tell, but it sure seemed like some of the requests you showed were  
getting 200 success responses.  I assume you aren't IPs 89.196.37.169  
or 122.124.129.55?

The requests for AZ.php or azenv.php are trying to reference scripts  
used to control and "rate" lists of "anonymous" proxies that tend to  
run either on hacked systems or systems configured to permit the  
world to use the proxy (generally because of a lack of admin clue  
rather than by intent).  See:

http://web.freerk.com/proxyjudge/azenv.htm

...and:

http://forum.my-proxy.com/index.php?topic=48.0

...which actually lists this "http://pro_xy.t35.com/AZ.php" host...

-- 
-Chuck



More information about the freebsd-questions mailing list