Nonsensical Web Log Entries

Wed Mar 9 20:41:07 UTC 2011

At 03:02 PM 3/9/2011, peter at vfemail.net wrote:
>At 03:06 PM 3/9/2011, Robert Bonomi wrote:
>>> From owner-freebsd-questions at freebsd.org  Wed Mar  9 10:40:23 2011
>>> Date: Wed, 09 Mar 2011 09:57:03 -0500
>>> To: freebsd-questions at freebsd.org
>>> From: peter at vfemail.net
>>> Subject: Nonsensical Web Log Entries
>>>
>>>
>>> I was looking at my Web log this morning, and a bunch of nonsensical 
>>> entries like these caught my attention:
>>>
>>> 124.226.181.80 - - [09/Mar/2011:09:49:58 -0500] "GET http://www.yahoo.com/ HTTP/1.0" 301 294 "-" "Mozilla/4.0 (compatible; > MSIE 6.0; Windows NT 5.1; SV1)"
>>> 123.10.97.102 - - [09/Mar/2011:09:50:01 -0500] "GET http://makeabank.com/faq.cgi HTTP/1.0" 404 3485 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 
>>> 115.225.166.2 - > - [09/Mar/2011:09:50:04 -0500] "GET http://join1.winhundred.com/affiliate/link.php?ref=35840&productid=7178 HTTP/1.0" 404 3485 "http://www.wingclips.com/" "Mozilla/4.0 (compatible; > MSIE 6.0; Windows NT 5.1; SV1)"
>>> 114.97.197.184 - - [09/Mar/2011:09:50:15 -0500] "GET http://www.tosunmail.com/proxyheader.php HTTP/1.0" 301 313 "http://www.cashsoldier.com/VerifyerLevel.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
>>>
>>> Is my FreeBSD box serving as some kind of Web proxy?
>>
>>Your box is _not_ doing the proxying.  that's why it's signalling errors
>>for those requests.
>>
>>The perpetrators are _hoping_ you are running a misconfigured proxying front-
>>end.
>
>Does this entry change your conclusion:
>
>     188.134.62.20 - - [09/Mar/2011:12:15:04 -0500] "GET http://images.google.com/ HTTP/1.1" 200 13134 "-" "-"
>

Here's another entry that's too bizarre for words:

     218.172.209.123 - - [09/Mar/2011:15:38:29 -0500] "\x16\x03\x01" 200 13107 "-" "-"

-------------------------------------------------
This message sent via VFEmail.net
http://www.vfemail.net
$14.95 Lifetime accounts!  15GB disk!  No bandwidth quotas!