I would like to sanitize URLs so I will not see these kinds of entries in my log again. Does anyone know what he's trying to do? They are traveling through my reverse proxy and are passed on to my lighttpd server. I think they are some kind of hacking attempts.
Can someone please advise? This is part of my lighttpd log (replaced my domain with mydomain.com); the IP is real.

119.202.149.89.in-addr.arpa name = saugnapf.piracy-insi.de.

89.149.202.119 mydomain.com - [16/Sep/2009:19:36:10 +0200] "GET /imdb HTTP/1.1" 200 22077 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:14 +0200] "GET /name/[%5E HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:15 +0200] "GET /%5C%22/wga%5C%22 HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:16 +0200] "GET /title/[%5E HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:18 +0200] "GET /%5C%22%22.$site, HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:19 +0200] "GET /([%5E HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:22 +0200] "GET /%5C%22%22); HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:27 +0200] "GET /%5C/title%5C/tt(%5Cd+)%5C/.*%5C HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
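Added example, not part of the original post: one way to triage entries like these is to percent-decode each request path and flag characters that have no place in a URL path, then count flagged requests per client. The set of flagged characters and the function names are assumptions of this sketch; the sample lines are four entries copied from the log above.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Access-log layout as it appears in the post:
# ip vhost - [time] "METHOD path PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<vhost>\S+) \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>.*?) HTTP/\d\.\d" (?P<status>\d{3}) '
)

# Assumption: flag characters that RFC 3986 does not allow in a path
# (backslash, double quote, caret, brackets, ...) plus control characters.
ODD_CHARS = set('\\"^[]{}<>|`')

def odd_chars(raw_path):
    """Percent-decode the path; return it with the unexpected characters found."""
    decoded = unquote(raw_path)
    found = {c for c in decoded if c in ODD_CHARS or ord(c) < 0x20}
    return decoded, sorted(found)

def scan(lines):
    """Return (flagged entries, Counter of flagged requests per client IP)."""
    flagged, per_ip = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in this layout
        decoded, odd = odd_chars(m['path'])
        if odd:
            flagged.append((m['ip'], int(m['status']), decoded, odd))
            per_ip[m['ip']] += 1
    return flagged, per_ip

# Four entries copied from the log in the post.
UA = '"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"'
SAMPLE = [
    '89.149.202.119 mydomain.com - [16/Sep/2009:19:36:10 +0200] "GET /imdb HTTP/1.1" 200 22077 ' + UA,
    '89.149.202.119 mydomain.com - [16/Sep/2009:19:36:14 +0200] "GET /name/[%5E HTTP/1.1" 404 345 ' + UA,
    '89.149.202.119 mydomain.com - [16/Sep/2009:19:36:15 +0200] "GET /%5C%22/wga%5C%22 HTTP/1.1" 404 345 ' + UA,
    '89.149.202.119 mydomain.com - [16/Sep/2009:19:36:27 +0200] "GET /%5C/title%5C/tt(%5Cd+)%5C/.*%5C HTTP/1.1" 404 345 ' + UA,
]

if __name__ == '__main__':
    hits, per_ip = scan(SAMPLE)
    for ip, status, decoded, odd in hits:
        print(ip, status, decoded, 'odd:', ''.join(odd))
    print(dict(per_ip))
```

Decoded, `%5C` is a backslash, `%22` a double quote and `%5E` a caret, so the last sample path reads `/\/title\/tt(\d+)\/.*\`.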
