From owner-freebsd-security Tue Apr 11 17: 0:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
    by hub.freebsd.org (Postfix) with ESMTP id C285937B98D
    for ; Tue, 11 Apr 2000 17:00:47 -0700 (PDT)
    (envelope-from brett@lariat.org)
Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
    by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id SAA08912
    for ; Tue, 11 Apr 2000 18:00:42 -0600 (MDT)
Message-Id: <4.2.2.20000411180028.00af46d0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Tue, 11 Apr 2000 18:00:38 -0600
To: freebsd-security@FreeBSD.ORG
From: Brett Glass
Subject: Re: Weird log entry .....
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 05:02 PM 4/11/2000 , William Woods wrote:

>Came home from work and was doing a check of my server logs and ran across
>this, anyone tell me what's up here?
>
>cache-dp03.proxy.aol.com - - [11/Apr/2000:15:18:59 -0700] "GET / HTTP/1.0" 200
>4254"http://209.185.131.251/cgi-bin/linkrd?_lang=&lah=14853ce0511667e378ad7f249b
>b39074&lat=955491465&hm___action=http%3a%2f%2f63%2e227%2e213%2e92%2f"
>"Mozilla/4.0(compatible; MSIE 5.0; AOL 5.0; Windows 98; DigExt)"

If you're using the standard Apache log format, don't worry; that's just a referer field.

My guess, without doing a lot of research, is that what you're seeing is a Hotmail internal URL. (Their mail reader uses URLs like that in the list of e-mail messages you see when you view the contents of your mailbox.)

Not long ago, in fact, there was a widely publicized security hole which let you access anyone's Hotmail account without a password. All you needed to do was construct a URL similar to the one you see above.

So, the most likely explanation of that entry is that somebody who uses AOL as their ISP also has a Hotmail account. He or she probably clicked through to your site from a link in a Hotmail message.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
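
Added example, not part of the original message or thread: a Python sketch that splits the quoted entry into Apache combined-format fields and percent-decodes the referer's query string, showing that `hm___action` carries the address the visitor was sent on to. The sample line is the one quoted above with the mail wraps rejoined; the function and dictionary key names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
# \s* between fields tolerates the spaces lost when the line was pasted.
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\]\s*'
    r'"(?P<request>[^"]*)"\s*(?P<status>\d{3})\s*(?P<bytes>\d+|-)\s*'
    r'"(?P<referer>[^"]*)"\s*"(?P<agent>[^"]*)"\s*$'
)

# The entry quoted in the message, with the mail client's line wraps rejoined.
SAMPLE = (
    'cache-dp03.proxy.aol.com - - [11/Apr/2000:15:18:59 -0700] '
    '"GET / HTTP/1.0" 200 4254'
    '"http://209.185.131.251/cgi-bin/linkrd?_lang=&lah=14853ce0511667e378ad7f249b'
    'b39074&lat=955491465&hm___action=http%3a%2f%2f63%2e227%2e213%2e92%2f" '
    '"Mozilla/4.0(compatible; MSIE 5.0; AOL 5.0; Windows 98; DigExt)"'
)

def is_absolute_url(value):
    """True when a decoded query value is itself an http(s) URL."""
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def describe_referer(line):
    """Split one log line and report where its referer says the visitor came from."""
    m = COMBINED.match(line)
    if m is None:
        raise ValueError("not a combined-format log line")
    ref = urlsplit(m["referer"])
    # parse_qs percent-decodes values; keep blanks so empty parameters stay visible.
    params = parse_qs(ref.query, keep_blank_values=True)
    targets = {k: v for k, vals in params.items() for v in vals if is_absolute_url(v)}
    return {
        "client": m["host"],
        "status": int(m["status"]),
        "referer_host": ref.hostname,
        "referer_path": ref.path,
        "redirect_targets": targets,  # parameters that embed another URL
        "other_params": sorted(k for k in params if k not in targets),
    }

if __name__ == "__main__":
    for key, value in describe_referer(SAMPLE).items():
        print(f"{key}: {value}")
```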