Suspicious looking Apache log entries
I recently checked my Apache access log, and found these lines:
67.21.84.213 - - [22/Apr/2004:19:19:55 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:19:56 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:19:57 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:00 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:01 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:03 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:04 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:06 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:08 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:09 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:11 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:13 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:15 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:17 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:19 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:20 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:22 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:23 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:25 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:26 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:29 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:31 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:32 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:35 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:36 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:38 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:39 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:41 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:20:51 -0700] "GET / HTTP/1.0" 200 747 67.21.84.213 - - [22/Apr/2004:19:21:49 -0700] "GET / HTTP/1.1" 200 747 I've seen this sort of thing in other places, too. It looks like the work of a script rather than a person. Is this some kind of breakin attempt? Anyone had this happen before? Interestingly, I did a lookup of the IP address, and found that it belonged to an ISP customer in my area. |
Well from this point of view it looks like legitimate traffic (just a normal GET-REQUEST). However for further information you probably should take a look at mod_security (www.modsecurity.org) and it's logging capabilities.
|
Ok, I'll check that out. It just seems odd though, as it occures in such rapid succession.
|
I get similiar log entries, except it reports the operating system and browser. The operating system is always "Windows 98" and the browser is always IE 5.5. It's a little strange, but doesn't seem to have any malignant effects.
|
Thanks, I guess it could just be some little quirk of Windoze or something. As long as it's not some script kiddie I really don't mind...
|
All times are GMT -5. The time now is 08:38 AM. |