From owner-freebsd-questions@FreeBSD.ORG Wed Mar 9 20:41:07 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 49F37106566B for ; Wed, 9 Mar 2011 20:41:07 +0000 (UTC) (envelope-from peter@vfemail.net) Received: from vfemail.net (dotsevenfive.vfemail.net [69.11.239.75]) by mx1.freebsd.org (Postfix) with ESMTP id DA9FF8FC13 for ; Wed, 9 Mar 2011 20:41:06 +0000 (UTC) Received: (qmail 10463 invoked by uid 89); 9 Mar 2011 20:40:59 -0000 Received: from localhost (HELO freequeue.vfemail.net) (127.0.0.1) by localhost with SMTP; 9 Mar 2011 20:40:57 -0000 Received: (qmail 10417 invoked by uid 89); 9 Mar 2011 20:40:39 -0000 Received: from unknown (HELO www-52-2.vfemail.net) (vfemail@172.16.100.52) by FreeQueue with SMTP; 9 Mar 2011 20:40:39 -0000 Received: (qmail 48517 invoked by uid 89); 9 Mar 2011 20:40:46 -0000 Received: by simscan 1.4.0 ppid: 48440, pid: 48513, t: 0.1313s scanners:none Received: from unknown (HELO Bacchus.vfemail.net) (cGV0ZXJAdmZlbWFpbC5uZXQ=@67.101.12.44) by 172.16.100.52 with ESMTPA; 9 Mar 2011 20:40:46 -0000 X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Wed, 09 Mar 2011 15:40:05 -0500 To: freebsd-questions@freebsd.org From: peter@vfemail.net In-Reply-To: <7.1.0.9.2.20110309150206.1ed21c20@vfemail.net> References: <20110309152546.54D93106564A@hub.freebsd.org> <201103092006.p29K664k013470@mail.r-bonomi.com> <7.1.0.9.2.20110309150206.1ed21c20@vfemail.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Message-Id: <20110309204107.49F37106566B@hub.freebsd.org> X-Mailman-Approved-At: Wed, 09 Mar 2011 21:07:28 +0000 Subject: Re: Nonsensical Web Log Entries X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Mar 2011 20:41:07 -0000 At 03:02 PM 3/9/2011, peter@vfemail.net wrote: >At 03:06 PM 3/9/2011, Robert Bonomi wrote: >>> From owner-freebsd-questions@freebsd.org Wed Mar 9 10:40:23 2011 >>> Date: Wed, 09 Mar 2011 09:57:03 -0500 >>> To: freebsd-questions@freebsd.org >>> From: peter@vfemail.net >>> Subject: Nonsensical Web Log Entries >>> >>> >>> I was looking at my Web log this morning, and a bunch of nonsensical >>> entries like these caught my attention: >>> >>> 124.226.181.80 - - [09/Mar/2011:09:49:58 -0500] "GET http://www.yahoo.com/ HTTP/1.0" 301 294 "-" "Mozilla/4.0 (compatible; > MSIE 6.0; Windows NT 5.1; SV1)" >>> 123.10.97.102 - - [09/Mar/2011:09:50:01 -0500] "GET http://makeabank.com/faq.cgi HTTP/1.0" 404 3485 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" >>> 115.225.166.2 - > - [09/Mar/2011:09:50:04 -0500] "GET http://join1.winhundred.com/affiliate/link.php?ref=35840&productid=7178 HTTP/1.0" 404 3485 "http://www.wingclips.com/" "Mozilla/4.0 (compatible; > MSIE 6.0; Windows NT 5.1; SV1)" >>> 114.97.197.184 - - [09/Mar/2011:09:50:15 -0500] "GET http://www.tosunmail.com/proxyheader.php HTTP/1.0" 301 313 "http://www.cashsoldier.com/VerifyerLevel.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" >>> >>> Is my FreeBSD box serving as some kind of Web proxy? >> >>Your box is _not_ doing the proxying. that's why it's signalling errors >>for those requests. >> >>The perpetrators are _hoping_ you are running a misconfigured proxying front- >>end. > >Does this entry change your conclusion: > > 188.134.62.20 - - [09/Mar/2011:12:15:04 -0500] "GET http://images.google.com/ HTTP/1.1" 200 13134 "-" "-" > Here's another entry that's too bizarre for words: 218.172.209.123 - - [09/Mar/2011:15:38:29 -0500] "\x16\x03\x01" 200 13107 "-" "-" ------------------------------------------------- This message sent via VFEmail.net http://www.vfemail.net $14.95 Lifetime accounts! 15GB disk! No bandwidth quotas!