Guest Posted November 23, 2010 Share Posted November 23, 2010 I got a few strange error logged but not sure what they are. [sat Nov 20 14:57:31 2010] [error] [client 95.211.0.68] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)[sat Nov 20 18:50:14 2010] [error] [client 205.251.121.5] File does not exist: /html/catalog/.google-analytics.com [sun Nov 21 04:06:26 2010] [error] [client 74.125.16.68] File does not exist: /html/images [sun Nov 21 06:08:47 2010] [error] [client 89.238.160.30] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /test.w00t:) [sun Nov 21 11:32:25 2010] [error] [client 79.142.69.225] Negotiation: discovered file(s) matching request: /html/index.php (None could be negotiated). [Mon Nov 22 10:11:25 2010] [warn] [client 204.236.235.245] mod_fcgid: read data timeout in 120 seconds are they hacking attempt? Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted November 23, 2010 Share Posted November 23, 2010 I got a few strange error logged but not sure what they are. are they hacking attempt? Do a Google search for ISC.SANS and you will see what it is. Use arin.net or ip-lookup.net for looking up ip addresses to see what the liklihood of them being hacker is. The second one *might* have been a hacker, not really sure. I more likely call it a php error of some sort with the google analytics part of your site, if you use Analytics. If you do not then I would call it a failed hack attempt. The third you will see if you look up the ip address. Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
Guest Posted November 24, 2010 Share Posted November 24, 2010 Use arin.net or ip-lookup.net for looking up ip addresses to see what the liklihood of them being hacker is. Thanks for your reply. The ip address pointed to a webhosting company,so i assume it is safe as it might be just an infomation gathering for their marketing purpose? ISC.SANS search lead me to SANS Internet Storm Center and i think thats an internet traffic monitor organization to issue warning about the attacting atatus? The second one *might* have been a hacker, not really sure. I more likely call it a php error of some sort with the google analytics part of your site, if you use Analytics. If you do not then I would call it a failed hack attempt.The third you will see if you look up the ip address. I do use Google analtics but why its 'google-analytics.com'? the ip is from USA...thats all info i have got. Link to comment Share on other sites More sharing options...
Wayne Weedon Posted November 24, 2010 Share Posted November 24, 2010 It is an attempted hack. We see these all the time. Usually it seems to originate from a compromised server or a server that it being used as a proxy. Wayne.... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.