suspicious log activity
This type of activity has been showing up on my apache log, by the hundreds (300+ such episodes a day) a day. What does it mean? Seems someone is hijacking the server to try to logon to Yahoo Messenger, or am I just being paranoid?
This board won't let me post the actual log as it contains URLs and I'm a newbie here, but the URLs (preceded by GET the full URL) lead to a failed Yahoo Messenger login page. Any thoughts? |
|
I'll give it a try. Here are 3 samples from over 300 in yesterday's log. http// has been deleted in the following:
GET login.india.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.don e=http://jpager.yahoo.com/jpager/pager2.shtml&login=gabe__p&passwd=allegro HTTP/1.0 with response code(s) 404 GET w4.edit.tpe.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.don e=http://jpager.yahoo.com/jpager/pager2.shtml&login=fine__thang43f&passwd=abby HTTP/1.0 with response code(s) 404 GET e8.edit.cnb.yahoo.com/config/login?.yplus=&.partner=&login=totalbitch&passwd='123 (123) HTTP/1.0 with response code(s) 404 |
As long as their not logging into your site with the apparent login credentials they are trying, no worries really. Probably and mainly just a virus or such that is used against IIS servers..
|
All times are GMT -5. The time now is 12:29 AM. |