Apache access log shows these attack requests
Chuck Swiger
cswiger at mac.com
Tue Jun 12 23:38:38 UTC 2007
On Jun 12, 2007, at 2:58 PM, Bob wrote:
> I all ready have Apache mod_proxy commented out in httpd.conf and
> there is
> no php stuff installed in system.
Your logfile lines seemed to be oddly truncated, so it's a bit hard
to tell, but it sure seemed like some of the requests you showed were
getting 200 success responses. I assume you aren't IPs 89.196.37.169
or 122.124.129.55?
The requests for AZ.php or azenv.php are trying to reference scripts
used to control and "rate" lists of "anonymous" proxies that tend to
run either on hacked systems or systems configured to permit the
world to use the proxy (generally because of a lack of admin clue
rather than by intent). See:
http://web.freerk.com/proxyjudge/azenv.htm
...and:
http://forum.my-proxy.com/index.php?topic=48.0
...which actually lists this "http://pro_xy.t35.com/AZ.php" host...
--
-Chuck
More information about the freebsd-questions
mailing list