| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: webserver attack?? |
From: Mike N. On 25 May 2007 16:25:34 -0400, waldo kitty wrote: >localhost - - [02/May/2007:08:42:43 -0400] "GET /windowslinks.html >HTTP/1.1" 200 12642 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT >5.1; SV1; .NET CLR 1.1.4322)" > >there is absolutely _no_ way for that to be... first of all, there's no >browser on that box... second of all, it flat out cannot run MSIE... thrid >of all, it definitely is _not_ running windows of any kind (it >=can't=!)... > >now, how can the origin of spoofed IPs be tracked back? See if there's a way to disable reverse DNS lookups in Apache for the log. Someone may have been able to control their reverse DNS lookup and substituted 'localhost' for their real host name. --- BBBS/NT v4.01 Flag-5* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45) SEEN-BY: 633/267 @PATH: 379/45 1 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.