I have recently noticed strange entries in my apache access logs: WWW.********.COM 195.222.69.86 - - [29/Mar/2001:13:17:05 +0100] "GET http://ctc.pornoground.com/cgi-bin/ctc/ctc.cgi?47917758 HTTP/1.0" 302 235 "http://vikspix.com" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)" WWW.********.COM 195.222.69.86 - - [29/Mar/2001:13:17:10 +0100] "GET http://WWW.********.COM /cobalt_error/fileNotFound.html HTTP/1.0" 404 - "http://vikspix.com" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)" Where the my customer's virtual domain is replaced with WWW.********.COM. I do not host any of the others mentioned above. I at first thought that someone was trying to use this server as a proxy, but there's too few hits for that - just half a dozen a night - every night. I added this IP to hosts.deny, and also created a hosts-deny rewrite rule for apache. That started the 404's seen above, but didn't stop the hits. Is there some exploit that allows someone to use a webserver in this way to generate clicks? Any help appreciated. Regards Mark Remde _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
