access_log entries & security

Boss Hoss · 06-07-2004, 01:57 PM

I'm seeing entries in my /var/log/httpd/access_log like this:

218.11.46.239 - - [07/Jun/2004:14:40:51 -0400] "GET http://surfcorp.com/s.php?uid=21030&...bmit=Go+now%21 HTTP/1.1" 404 305 "http://xxxadulthost.net/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows ME)"

So what exactly does this mean? Why is this showing up on my server logs? Is this the result of someone who has spyware on their browser? Can these "hits" result in high loading of my server?

Is this something I can stop with my firewall?

unSpawn · 06-09-2004, 06:06 PM

218.11.46.239 - - [07/Jun/2004:14:40:51 -0400] "GET http://surfcorp.com/s.php?uid=21030...ubmit=Go+now%21 HTTP/1.1" 404 305 "http://xxxadulthost.net/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows ME)"
To read the line, read it like this (IIRC): remote_ip_address - - [date_format] "REQUEST_TYPE protocol://address" returncode request_size "referrer" "user_agent". Meaning (IIRC) someone tried to request something from surfcorp dot com (Surfcorp dot com being a pay per click search engine). See if you're not unwillingly opened up your Apache for proxying. Depending on what you serve for whom you can block access tru Apache, /etc/hosts.* and your firewall.

Boss Hoss · 06-09-2004, 10:05 PM

Quote:

See if you're not unwillingly opened up your Apache for proxying

So tell me what this means and how to check.