>> On 10/13/06, rowland onobrauche <[EMAIL PROTECTED] >> Im getting logs such as > >> "GET >> http://www.escorts-etc.com/cgi-bin/ftop100/rankem.cgi?id=gagvault >> HTTP/1.0" 200 147 " http://www.gagvault.com/linkspage.html"; >> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" > >> In some of my httpd access logs, even though this type of site is >> not existant on the server. Anyone seen this before??
Some mis-configured Apache servers will act as an open proxy; that appears to be what this request is. Given that it's logged as a 200 OK, I'd say that you have that! Since it looks like a hit counter - "rankem.cgi" - someone is using your bandwidth to pad their click rates. Better check your configurations! Henry Troup Watchfire Corporation ------------------------------------------------------------------------------ This List Sponsored by: Black Hat Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. http://www.blackhat.com ------------------------------------------------------------------------------
