MrGibbage Super User
Joined: October 23 2006 Location: United States
Online Status: Offline Posts: 513
Posted: January 30 2010 at 17:32
I get log entries like this just about every day:
From: 204.236.188.16
GET http://proxyjudge1.proxyfire.net/fastenv HTTP/1.1
Host: proxyjudge1.proxyfire.net
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Accept: */*
Accept-Language: zh-cn
Connection: Keep-Alive
It is oftentimes different IP addresses, and sometimes the GET statement is a little different, but nonetheless, I usually have one or two of these a day. I have noticed that these entries look quite different than the entries that are logged when I log onto the server, namely in that these entries always appear singularly, as a single, lonely post. When I log into the server, there is a long stream of entries.
I have had some success blocking the IP addresses at my router, and I can keep doing that, but I was wondering what the PH community at large is doing. I always do a WHOIS on the IP address (the one here is from Amazon.com. Why in the world would they be trying to connect to my server???) I have now banned the entire APNIC (sorry, but just too many entries coming from over there). So, am I safe? It doesn't look like they found anything, but I don't see any 404 errors. Does PH log them somewhere else? Oh, I run my server on a very non-standard port, so these guys aren't just looking to see if I am running a web server.
Ideas? Comments?
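Added example, not part of the original post: the logged request uses the absolute-form target (`GET http://host/path`) that a client sends to a proxy, and it names a host other than the server that received it. The sketch below parses entries in the "From: / raw request" layout quoted above and flags requests (including `CONNECT`) whose target host is not one of the server's own names; `OWN_HOSTS`, the function names and the second and third sample entries are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout shown in the post: a "From:" line, then the raw request.
SAMPLE_LOG = """\
From: 204.236.188.16
GET http://proxyjudge1.proxyfire.net/fastenv HTTP/1.1
Host: proxyjudge1.proxyfire.net
From: 192.0.2.10
GET /index.html HTTP/1.1
Host: myhome.example:8081
From: 198.51.100.7
CONNECT mail.example.net:25 HTTP/1.1
Host: mail.example.net:25
"""
OWN_HOSTS = {"myhome.example"}  # assumption: names this server legitimately answers to
FROM_LINE = re.compile(r"^From: (\d{1,3}(?:\.\d{1,3}){3})\s*$")  # entry delimiter
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")

def split_entries(text):
    """Yield (client_ip, request_lines) for each 'From: <ip>' delimited entry."""
    ip, lines = None, []
    for line in text.splitlines():
        m = FROM_LINE.match(line)
        if m:
            if ip is not None:
                yield ip, lines
            ip, lines = m.group(1), []
        elif ip is not None and line.strip():
            lines.append(line.strip())
    if ip is not None:
        yield ip, lines

def classify(lines, own_hosts=OWN_HOSTS):
    """Return 'proxy-probe', 'normal' or 'unparsed' for one logged request."""
    m = REQUEST_LINE.match(lines[0]) if lines else None
    if not m:
        return "unparsed"
    method, target = m.groups()
    if method == "CONNECT":            # authority-form target: host:port
        host = target.rsplit(":", 1)[0]
    elif "://" in target:              # absolute-form target, as sent to a proxy
        host = urlsplit(target).hostname or ""
    else:
        return "normal"                # origin-form path: ordinary request to this server
    return "normal" if host.lower() in own_hosts else "proxy-probe"

def find_proxy_probes(text):
    return [(ip, l[0]) for ip, l in split_entries(text) if classify(l) == "proxy-probe"]
```
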