httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Ramsey <robert-ram...@uiowa.edu>
Subject [users@httpd] "sumthin" attack?
Date Fri, 28 Mar 2003 22:15:20 GMT
I noticed log entries looking for "/sumthin" and more that are GETting 
other websites.  When I googled for info, there wasn't much, just that it 
may be an attack of some kind.  Does anyone have any more information or 
ways to check and see if I've been owned?

Here are some of the log entries:

66.20.8.223 - - [26/Mar/2003:20:12:32 -0600] "GET /sumthin HTTP/1.0" 404 
302 "-" "-"
151.200.168.66 - - [27/Mar/2003:02:45:20 -0600] "GET http://www.s3.com/ 
HTTP/1.1" 200 14498 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
62.101.125.229 - - [27/Mar/2003:14:04:27 -0600] "GET /sumthin HTTP/1.0" 404 
302 "-" "-"
61.170.234.48 - - [28/Mar/2003:07:30:33 -0600] "GET http://www.intel.com/ 
HTTP/1.1" 200 14498 "-" "Mozilla/5.0 (compatible; MSIE 5.01; Win2000)"
61.197.201.21 - - [28/Mar/2003:15:49:18 -0600] "GET /sumthin HTTP/1.0" 404 
302 "-" "-"



Any suggestions?

Thanks,


Bob




======================================================================
Bob Ramsey                       Applications Development & Support II
ph:  1(319)335-9956                              216 Boyd Law Building
fax: 1(319)335-9019                  University of Iowa College of Law
mailto:robert-ramsey@uiowa.edu                Iowa City, IA 52242-1113
For Hardware and Software questions, call 5-9124
======================================================================


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message