LinuxQuestions.org


neocontrol 12-22-2006 08:20 AM

/var/log/http/access_log
 
Hi,

**mods - if this isn't the right place for this, let me know**

I was looking through my logs today, and on my mailserver/webserver I found this in my logwatch logs under 404 forbidden.

http://66.29.102.2/~antigoth/printenv.php: 1 Time(s)

and in my var/log/http/access_log I have this:

82.165.243.51 - - [21/Dec/2006:12:02:23 -0600] "GET http://66.29.102.2/~antigoth/printenv.php HTTP/1.1" 404 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

On a different PC, I followed that link and I get a page that says just this:

REMOTE_ADDR=<my IP address>
HTTP_X_FORWARDED_FOR=


Anyone able to tell me what this is? New additions to this server are the installation of squirrelmail and dovecot-imap server.

Thanks in advance.

kees-jan 12-22-2006 09:37 AM

Some PC with IP address 82.165.243.51 has contacted your server, requesting document http://66.29.102.2/~antigoth/printenv.php. Your server subsequently replied that it didn't have the document (error 404).

I'm not sure why the other PC chose to request this document of your server, but other than that, this looks fairly common.

Groetjes,

Kees-Jan

neocontrol 12-22-2006 09:44 AM

Okay thanks. I'm just being more cautious now. Last month everything on my server just "disappeared". So I'm trying to keep tabs, and things up to date, and implement security.

Thanks.

Capt_Caveman 12-26-2006 06:06 PM

Just to add, it's a proxy attempt. If the proxy attempt succeeds, then the proxying information is dynamically reported on the target site. The whole point being to identify webservers acting as open proxies (for spamming, anonymous proxying, or relaying attacks).
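
Added example, not part of the thread or written by any poster: a small Python check that scans an Apache access log for proxy-style requests like the one quoted in the first post (a full URL or a CONNECT in the request line) and reports whether the server refused them. `find_proxy_probes`, `LOCAL_HOSTS` and every sample line except the first are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Apache common/combined format: host ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)(?: [^"]*)?" (\d{3}) ')

def find_proxy_probes(lines, local_hosts):
    """Return (client, method, target, status, verdict) per proxy-style request."""
    local = {h.lower() for h in local_hosts}
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if method.upper() == "CONNECT":
            host = target.rsplit(":", 1)[0].lower()  # authority-form host:port
        elif target.lower().startswith(("http://", "https://")):
            host = (urlsplit(target).hostname or "").lower()  # absolute-form URL
        else:
            continue  # ordinary origin-form request such as "GET /index.html"
        if host in local:
            continue  # absolute-form naming this server itself is valid HTTP/1.1
        # 4xx/5xx: the server refused. 2xx/3xx proves nothing by itself (the server
        # may have answered from a local path), so mark it for manual review.
        verdict = "review" if 200 <= status < 400 else "refused"
        hits.append((client, method, target, status, verdict))
    return hits

# Assumption: the names and addresses this server legitimately answers for.
LOCAL_HOSTS = {"www.example.org"}

SAMPLE = [
    # The line quoted in the first post.
    '82.165.243.51 - - [21/Dec/2006:12:02:23 -0600] "GET http://66.29.102.2/~antigoth/printenv.php HTTP/1.1" 404 220 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"',
    # The remaining lines are constructed for this example.
    '192.0.2.10 - - [21/Dec/2006:12:05:01 -0600] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
    '192.0.2.10 - - [21/Dec/2006:12:05:09 -0600] "GET http://www.example.org/about HTTP/1.1" 200 2210 "-" "-"',
    '198.51.100.7 - - [21/Dec/2006:12:06:40 -0600] "CONNECT mail.example.net:25 HTTP/1.0" 405 312 "-" "-"',
    '198.51.100.7 - - [21/Dec/2006:12:07:12 -0600] "GET http://www.example.com/ HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_proxy_probes(SAMPLE, LOCAL_HOSTS):
        print(hit)
```

A "review" verdict means the response status alone cannot rule out proxying, so the proxy configuration of the web server is the thing to check next.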

