--On Wednesday, November 16, 2005 10:03 AM -0600 Oil Pine <oil.pine@xxxxxxxxx> wrote:
Reviewing the httpd access log, I found the following entries: 69.209.112.92 - - [16/Nov/2005:09:06:46 -0600] "GET / HTTP/1.0" 200 589 "-" "-" 69.209.184.151 - - [16/Nov/2005:06:38:42 -0600] "GET / HTTP/1.0" 200 589 "-" "-" 69.209.184.151 - - [16/Nov/2005:02:39:10 -0600] "GET / HTTP/1.0" 200 589 "-" "-" 69.209.79.247 - - [16/Nov/2005:02:04:21 -0600] "GET / HTTP/1.0" 200 589 "-" "-" The first two numbers are the same as those of my dynamic IP address, so I assume they are either the customers of my ISP (SBCglobal.net) or the ISP itself. Before I set my server to deny access to these numbers, I would like to know what they are trying to do. I will appreciate any suggestion you may have. pine
They indeed seem all to be ameritech DSL subscriber lines. Looks like "they" try to 1) Find out whether the is webserver 2) Find out the server's type & make 3) Find out what's available at the default virtual server Could be skiddies, could be your ISP trying to find out whether you are running a webserver thus breaching his Terms Of Contract... Seriously dontcha worry mate, I get requests like these all the time from as far away as Pakistan. You can restrict access by IP on the webserver or on the firewall, you can restrict by URL etc. etc. Possibilities are vast, all depends on your security needs. Best, -- David --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|