Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: fixit on October 28, 2005, 01:38:38 AM
-
can someone tell me what this means, does this mean that someone from this ip address logged into my server
fixitcomputers.com.au 217.20.215.115 - - [28/Oct/2005:00:59:14 +1000] "CONNECT login.icq.com:443 HTTP/1.0" 405 234 "-" "Mozilla/4.08 [en] (WinNT; U ;Nav)"
this ip 217.20.215.115 points to somewhere in the Russian Federation
I went to http://www.dnsstuff.com/ and did a WHOIS results for 217.20.215.115
any info about this msg, would be appreciated
Thanks,Russell
-
can someone tell me what this means, does this mean that someone from this ip address logged into my server
fixitcomputers.com.au 217.20.215.115 - - [28/Oct/2005:00:59:14 +1000] "CONNECT login.icq.com:443 HTTP/1.0" 405 234 "-" "Mozilla/4.08 [en] (WinNT; U ;Nav)"
This means that someone asked your web server to patch through a connection to login.icq.co:443 and it refused (405 - "Method Not Allowed").
Google for "login.icq.co:443" and you'll see that you're not the only one to receive this attention (which is probably from IM spammers trying to hide their origin).
-
Hi Charlie, thanks for the reply, I have had a look around @ google as suggested and some interesting stuff about IM's, I know why my firewall would always shutdown internet access when this triggered.
Hows that issue with CentOS going, I wonder how long they will use 4.2 for
Thanks, Russell
-
Hi Charlie, thanks for the reply, I have had a look around @ google as suggested and some interesting stuff about IM's, I know why my firewall would always shutdown internet access when this triggered.
Why does your firewall shutdown internet access? That sounds like an obvious denial of service attack you have opened yourself up to.
Hows that issue with CentOS going, I wonder how long they will use 4.2 for
What issue with CentOS? Who is "they"?
-
OK, I have another query, why would someone be trying to find these files on my server
scripts
MSADC
c
d
scripts
_vti_bin
_mem_bin
sumthin
61.253.58.70 dnsstuff.com shows Location: Korea-KR [City: Seoul, Kyonggi-Do]
is this the result of the Nimda worm
[Tue Nov 01 20:06:13 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/scripts
[Tue Nov 01 20:06:14 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/MSADC
[Tue Nov 01 20:06:15 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/c
[Tue Nov 01 20:06:16 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/d
[Tue Nov 01 20:06:16 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/scripts
[Tue Nov 01 20:06:17 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/_vti_bin
[Tue Nov 01 20:06:18 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/_mem_bin
[Tue Nov 01 20:06:18 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/msadc
[Tue Nov 01 20:06:19 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/scripts
[Tue Nov 01 20:06:20 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/scripts
[Tue Nov 01 20:06:21 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/scripts
[Tue Nov 01 20:06:23 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/scripts
[Tue Nov 01 20:06:27 2005] [error] [client 61.253.58.70] File does not exist: /home/e-smith/files/ibays/Primary/html/scripts
[Tue Nov 01 21:42:28 2005] [error] [client 218.202.219.193] File does not exist: /home/e-smith/files/ibays/Primary/html/sumthin