We have a match. See: 66.232.140.73 - - [31/Jan/2006:07:29:58 +0100] "GET http://xxxx/prxjdg.cgi?ja HTTP/1.0" 404 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
Where the http address maps to an apparently compromised server where these people have installed some kind of proxy (proxy judge ?) > I've seen this type of thing with PHP; I was going to say something but I > figured I would wait since you didn't mention it. Can you correlate the > time/date/ip with the request from access.log? It might give you more > information. I can say, that we get attacked regularly on Sarge and we're a > relatively high volume site with the similar specs, and I've not seen > anything like this as a standard hack - my experience is that this is most > often caused by not filtering/validating forms, global PHP variables, or PHP > scripting errors. I am very curious to know what's going on. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
