"eoconnor25@xxxxxxxxx" <eoconnor25@xxxxxxxxx> writes: > What's the best way to avoid/prevent this from happening?... > > ----- Reply message ----- > From: "Mark Haney" <mhaney@xxxxxxxxxxxxxx> > To: <users@xxxxxxxxxxxxxxxxxxxxxxx> > Subject: F19: Is this an httpd attack attempt? > Date: Mon, Mar 3, 2014 11:59 am > > > > > On 03/03/14 11:42, Dan Thurman wrote: >> >> It looks to me like a successful indirect connection? >> >> The following is taken from /var/log/httpd/access_log >> >> 185.4.227.194 - - [03/Mar/2014:07:27:49 -0800] "GET >> http://24x7-allrequestsallowed.com/?PHPSESSID=1rmsxtj500143TRMUTP_ODZZWA >> >> > HTTP/1.1" 200 5264 "-" "-" >> > > It certainly looks that way. I see several of those kinds of GETs a > day on our web servers. Not from that particular domain, but similar > types of GETs. > > A quick google points to similar GET requests to that domain as far > back as 2011, and the domain itself isn't live, just a placeholder for > parked domain. Could someone please explain why/how this may be considered as an attack or at least as something bad? Someone requesting an URL from a web server that doesn´t serve this URL --- or doesn´t serve the specified domain at all --- could be caused by incorrect responses from name servers, couldn´t it? What is it in particular that would distinguish the request in question from others? -- Fedora release 20 (Heisenbug) -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
