dontlike2pay

[hacking?] request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)

I got a few strange errors logged but I'm not sure what they are.

 

[sat Nov 20 14:57:31 2010] [error] [client 95.211.0.68] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)

[sat Nov 20 18:50:14 2010] [error] [client 205.251.121.5] File does not exist: /html/catalog/.google-analytics.com

[sun Nov 21 04:06:26 2010] [error] [client 74.125.16.68] File does not exist: /html/images

 

[sun Nov 21 06:08:47 2010] [error] [client 89.238.160.30] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /test.w00t:)

 

[sun Nov 21 11:32:25 2010] [error] [client 79.142.69.225] Negotiation: discovered file(s) matching request: /html/index.php (None could be negotiated).

 

[Mon Nov 22 10:11:25 2010] [warn] [client 204.236.235.245] mod_fcgid: read data timeout in 120 seconds

 

Are they hacking attempts?


I got a few strange errors logged but I'm not sure what they are.

Are they hacking attempts?

Do a Google search for ISC.SANS and you will see what it is.

 

Use arin.net or ip-lookup.net to look up IP addresses to see what the likelihood of them being a hacker is.

The second one *might* have been a hacker, not really sure. I would more likely call it a PHP error of some sort with the Google Analytics part of your site, if you use Analytics. If you do not, then I would call it a failed hack attempt.

The third you will see if you look up the IP address.


Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?


Use arin.net or ip-lookup.net to look up IP addresses to see what the likelihood of them being a hacker is.

 

Thanks for your reply. The IP address pointed to a web hosting company, so I assume it is safe, as it might be just information gathering for their marketing purposes? The ISC.SANS search led me to the SANS Internet Storm Center, and I think that's an internet traffic monitoring organization that issues warnings about the attack status?

 

The second one *might* have been a hacker, not really sure. I would more likely call it a PHP error of some sort with the Google Analytics part of your site, if you use Analytics. If you do not, then I would call it a failed hack attempt.

The third you will see if you look up the IP address.

 

I do use Google Analytics, but why is it 'google-analytics.com'? The IP is from the USA... that's all the info I have got.


It is an attempted hack. We see these all the time. Usually it seems to originate from a compromised server or a server that is being used as a proxy.

 

Wayne....
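
An added example, not written by any poster in this thread: a small triage script that parses Apache error-log lines in the format quoted in the first post and separates the "request without hostname" entries (HTTP/1.1 requests sent with no Host header, which RFC 2616 section 14.23 requires) from ordinary missing-file and other errors. The function and category names are my own; the sample input is the six log lines from the first post.

```python
import re
from collections import Counter

# Apache 2.2-style error log line: [timestamp] [level] [client IP] message
LINE_RE = re.compile(r"^\[([^\]]+)\] \[(\w+)\] \[client ([^\]]+)\] (.*)$")
# Logged when an HTTP/1.1 request arrives with no Host header
NO_HOST_RE = re.compile(r"request without hostname \(see RFC2616 section 14\.23\): (\S+)")
MISSING_RE = re.compile(r"File does not exist: (\S+)")

# Sample input: the six log lines quoted in the first post of this thread
SAMPLE_LOG = """\
[sat Nov 20 14:57:31 2010] [error] [client 95.211.0.68] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[sat Nov 20 18:50:14 2010] [error] [client 205.251.121.5] File does not exist: /html/catalog/.google-analytics.com
[sun Nov 21 04:06:26 2010] [error] [client 74.125.16.68] File does not exist: /html/images
[sun Nov 21 06:08:47 2010] [error] [client 89.238.160.30] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /test.w00t:)
[sun Nov 21 11:32:25 2010] [error] [client 79.142.69.225] Negotiation: discovered file(s) matching request: /html/index.php (None could be negotiated).
[Mon Nov 22 10:11:25 2010] [warn] [client 204.236.235.245] mod_fcgid: read data timeout in 120 seconds
"""

def triage(log_text):
    """Parse each line into (timestamp, client_ip, category, detail)."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unparseable line
        ts, _level, ip, msg = m.groups()
        if (hit := NO_HOST_RE.search(msg)):
            records.append((ts, ip, "no_host_header", hit.group(1)))
        elif (hit := MISSING_RE.search(msg)):
            records.append((ts, ip, "file_not_found", hit.group(1)))
        else:
            records.append((ts, ip, "other", msg))
    return records

def hostless_clients(records):
    """Clients that sent Host-less requests, mapped to the paths they asked for."""
    out = {}
    for _ts, ip, category, detail in records:
        if category == "no_host_header":
            out.setdefault(ip, []).append(detail)
    return out

if __name__ == "__main__":
    recs = triage(SAMPLE_LOG)
    print(Counter(r[2] for r in recs))
    for ip, paths in hostless_clients(recs).items():
        print(ip, paths)
```
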
