httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lewis Watson" <li...@visionsix.com>
Subject Re: [users@httpd] "sumthin" attack?
Date Sat, 29 Mar 2003 01:45:50 GMT

> On Fri, 28 Mar 2003, Bob Ramsey wrote:
>
> > I noticed log entries looking for "/sumthin" and more that are GETting
> > other websites.  When I googled for info, there wasn't much, just that
it
> > may be an attack of some kind.  Does anyone have any more information
or
> > ways to check and see if I've been owned?
> >
> > Here are some of the log entries:
> >
> > 66.20.8.223 - - [26/Mar/2003:20:12:32 -0600] "GET /sumthin HTTP/1.0"
404
> > 302 "-" "-"
> > 151.200.168.66 - - [27/Mar/2003:02:45:20 -0600] "GET
http://www.s3.com/
> > HTTP/1.1" 200 14498 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows
95)"
> > 62.101.125.229 - - [27/Mar/2003:14:04:27 -0600] "GET /sumthin
HTTP/1.0" 404
> > 302 "-" "-"
> > 61.170.234.48 - - [28/Mar/2003:07:30:33 -0600] "GET
http://www.intel.com/
> > HTTP/1.1" 200 14498 "-" "Mozilla/5.0 (compatible; MSIE 5.01; Win2000)"
> > 61.197.201.21 - - [28/Mar/2003:15:49:18 -0600] "GET /sumthin HTTP/1.0"
404
> > 302 "-" "-"


Looks like I have sumthin/ in my logs too. Thats pretty freaky. I have
noticed it for a couple of months now. It returns a 404 error...
Lewis



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message