[mod-security-users] What is ::1??
Brought to you by:
victorhora,
zimmerletw
From: Russ L. <rl...@nc...> - 2007-03-22 20:53:25
|
I have this report of a bad user the system is reporting the IP as ::1 What is this? Spoofed? ARG! *shivers* =20 I have no clue what this person is trying to do and nothing in the access logs says he is even accessing anything... That's scary... =20 Can I get someone shine some light on this? =20 Below is the log from modsecurity console. What you see is all the modsecurity reported to me. =20 ------------------------------------------------------------------------ --------------------------------------------- Generic Attack Warning. Pattern match "^$" at HEADER("Host") =20 --114f0133-A-- [22/Mar/2007:16:29:02 --0400] yiRTq6wegVEAADErAtgAAAAG ::1 58698 ::1 80 --114f0133-B-- GET / HTTP/1.0 User-Agent: Microsoft-IIS/5.0 (internal dummy connection) =20 --114f0133-F-- HTTP/1.1 301 Moved Permanently Vary: Accept-Encoding,Cookie Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: private, must-revalidate, max-age=3D0 Last-modified: Thu, 22 Mar 2007 20:29:02 GMT Location: http =20 |