more apache info

Aaron Howell aaron at kitten.net.au
Sun Jun 9 23:58:18 EDT 2002 

Hi there,
The first one indicates you probably have apache's proxy service turned on.
If that's correct, turn it off, or, restrict it to your own subnet.
The second probably means that once again, someone is ip scanning.
They don't know what hostname your machine is likely to have, so they request the page by ip address (probably to find out if you're running a vulnerable server).
If you're paranoid about that sort of thing, use the apache directive
ServerSignature off
In the main part of your httpd.conf file.
That'll stop apache telling remote hosts what it is.
Regards
Aaron
On Sun, Jun 09, 2002 at 09:59:57PM -0500, Gregory Nowak wrote:
> Hi Again,
> 
> I was going through my apache log files for the last month, and found these. Note that x.x.x.x againrepresents the offenders' ip addresses, and that myip stands for my own ip address.
> 
> 
> x.x.x.x - - [03/Jun/2002:10:22:55 -0500] "GET http://www.s3.com HTTP/1.1" 200 819
> 
> 
> x.x.x.x - - [03/Jun/2002:13:27:15 -0500] "GET http://myip HTTP/1.0" 200 819
> 
> 
> First, why would they be so stupid as to get my server to serve them a different domain. Don't they know their activity and ip address get logged (or maybe logging doesn't happen on windblows web servers)?  According to the logs, my server served them the page. However, I just tried doing what they did, and I can't get the page by trying to get it via going to my regular home page like they did.
> Also, I don't get why they would use my server and explecitly request my ip address as the page they want. I mean, wouldn't they get that right away without having to request it again via the ip address? Thanks.
> Greg
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
     +----------------------------------------------------------+
    /             |\      _,,,---,,_                           /|
   /              /,`.-'`'    -.  ;-;;,_                      / |
  /              |,4-  ) )-,_. ,\ (  `'-'                    /  |
 /             '---''(_/--'  `-'\_)                         /   |
+----------------------------------------------------------+    |
| Aaron Howell                  Kitten Internet            |    |
| aaron at kitten.net.au           Internet consultancy,      |    |
| Phone: +61-417-625550         System administration,     |    |
| fax: +61-7-36010099           system design/integration. |    |
| icq: 6715521                  http://www.kitten.net.au   |    |
|                                                          |    |
|                                                          |    +
|                                                          |   /
|                                                          |  /
|                                                          | /
|                                                          |/
+----------------------------------------------------------+

More information about the Speakup mailing list