Hi,
I'm suspecting security problem for my Apache Web Server.
Host/hosts with different IPs visiting the same site of an apache web server
every 3(+/-) minites.
Server version: Apache/2.0.40
RH 9.0 : Linux-2.4.20-8
Few lines from log:
165.95.173.197 - - [20/Aug/2003:17:38:26 +0600] "GET / HTTP/1.1" 200 2567 "-"
"Mozilla/4.0 (compatible; MSIE 5.5; Windows 98")
65.42.16.11 - - [20/Aug/2003:17:43:12 +0600] "GET / HTTP/1.1" 200 2567 "-"
"Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
218.109.97.43 - - [20/Aug/2003:17:47:05 +0600] "GET / HTTP/1.1" 200 2567 "-"
"Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
218.109.54.22 - - [20/Aug/2003:17:50:39 +0600] "GET / HTTP/1.1" 200 2567 "-"
"Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
24.163.195.113 - - [20/Aug/2003:17:51:07 +0600] "GET / HTTP/1.1" 200 2567 "-"
"Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
218.65.4.5 - - [20/Aug/2003:17:54:28 +0600] "GET / HTTP/1.1" 200 2567 "-"
"Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
64.91.30.134 - - [20/Aug/2003:17:57:18 +0600] "GET / HTTP/1.1" 200 2567 "-"
"Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
..............................................
..............................................
..............................................
..............................................
See.. everyting is same except IP and the time. Don't you think I should
suspect?
One thing I can say that it's nothing in my Server, because if I block my
gateway (MAC 00:20:7B:3C:A4:43) using
iptables -A INPUT -m mac --mac-source 00:20:7B:3C:A4:43 -i eth0 -j REJECT
I get not request in my Apache server.
Anyone have any idea?
Zahid Hossain
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
