Date: Tue, 11 Apr 2000 18:00:38 -0600 From: Brett Glass <brett@lariat.org> To: freebsd-security@FreeBSD.ORG Subject: Re: Weird log entry ..... Message-ID: <4.2.2.20000411180028.00af46d0@localhost>
next in thread | raw e-mail | index | archive | help
At 05:02 PM 4/11/2000 , William Woods wrote: >Came home from work and was doing a check of my server logs and ran accross >this, anyone tell me whats up here? > >cache-dp03.proxy.aol.com - - [11/Apr/2000:15:18:59 -0700] "GET / HTTP/1.0" 200 >4254"http://209.185.131.251/cgi-bin/linkrd?_lang=&lah=14853ce0511667e378ad7f249b >b39074&lat=955491465&hm___action=http%3a%2f%2f63%2e227%2e213%2e92%2f" >"Mozilla/4.0(compatible; MSIE 5.0; AOL 5.0; Windows 98; DigExt)" If you're using the standard Apache log format, don't worry; that's just a referer field. My guess, without doing a lot of research, is that what you're seeing is a Hotmail internal URL. (Their mail reader uses URLs like that in the list of e-mail messages you see when you view the contents of your mailbox.) Not long ago, in fact, there was a widely publicized security hole which let you access anyone's Hotmail account without a password. All you needed to do was construct a URL similar to the one you see above. So, the most likely explanation of that entry is that somebody who uses AOL as their ISP also has a Hotmail account. He or she probably clicked through to your site from a link in a Hotmail message. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000411180028.00af46d0>