data0213
August 7th, 2008, 08:21 AM
I am using Apache2 on Hardy (versions and modules included below). I recently started pouring through my apache logs recently and found some HTTP Get requests coming from some servers in China such as this:
59.63.157.211 - - [03/Aug/2008:08:57:46 -0400] "GET http://www.wantsfly.com/prx1.php?hash=57A3B266F7FCBF5C4352F9921F404E9CE3CD 61DCCEA4 HTTP/1.0" 404 419 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
I don't have a deep understanding of what happens when you do a GET with an external URL. Can someone please tell me if someone is trying to probe for a vulnerability? How can I secure the server so that I can prevent any attacks through this route?
Thanks,
MT
--------------------------
Apache/2.2.8 (Ubuntu)
DAV/2
mod_python/3.3.1
Python/2.5.2
PHP/5.2.4-2ubuntu5.2 with Suhosin-Patch
mod_ssl/2.2.8
OpenSSL/0.9.8g
mod_perl/2.0.3
Perl/v5.8.8
59.63.157.211 - - [03/Aug/2008:08:57:46 -0400] "GET http://www.wantsfly.com/prx1.php?hash=57A3B266F7FCBF5C4352F9921F404E9CE3CD 61DCCEA4 HTTP/1.0" 404 419 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
I don't have a deep understanding of what happens when you do a GET with an external URL. Can someone please tell me if someone is trying to probe for a vulnerability? How can I secure the server so that I can prevent any attacks through this route?
Thanks,
MT
--------------------------
Apache/2.2.8 (Ubuntu)
DAV/2
mod_python/3.3.1
Python/2.5.2
PHP/5.2.4-2ubuntu5.2 with Suhosin-Patch
mod_ssl/2.2.8
OpenSSL/0.9.8g
mod_perl/2.0.3
Perl/v5.8.8