Messages in /var/log/apache2
36 views
Skip to first unread message
Jon Spriggs
Jul 24, 2012, 6:19:57 PM7/24/12
to Bjarni Rúnar Einarsson, pagekite...@googlegroups.com
Hi Bjarni,
I keep seeing this in my event logs:
==> /var/log/apache2/error.log <==
[Tue Jul 24 23:07:23 2012] [error] [client 127.0.0.1] File does not exist: /var/www/adminupdat.htm
==> /var/log/apache2/access.log <==
::ffff:69.164.211.158 - - [24/Jul/2012:23:07:23 +0100] "GET /adminupdat.htm HTTP/1.1" 404 303 "-" "curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15"
==> /var/log/apache2/error.log <==
[Tue Jul 24 23:07:23 2012] [error] [client 127.0.0.1] File does not exist: /var/www/START NEW.html
==> /var/log/apache2/access.log <==
::ffff:69.164.211.158 - - [24/Jul/2012:23:07:23 +0100] "GET /START%20NEW.html HTTP/1.1" 404 303 "-" "curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15"
Now, I presume I could do interesting stuff with these if I were to create them? :)
--
Jon "The Nice Guy" Spriggs
I keep seeing this in my event logs:
==> /var/log/apache2/error.log <==
[Tue Jul 24 23:07:23 2012] [error] [client 127.0.0.1] File does not exist: /var/www/adminupdat.htm
==> /var/log/apache2/access.log <==
::ffff:69.164.211.158 - - [24/Jul/2012:23:07:23 +0100] "GET /adminupdat.htm HTTP/1.1" 404 303 "-" "curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15"
==> /var/log/apache2/error.log <==
[Tue Jul 24 23:07:23 2012] [error] [client 127.0.0.1] File does not exist: /var/www/START NEW.html
==> /var/log/apache2/access.log <==
::ffff:69.164.211.158 - - [24/Jul/2012:23:07:23 +0100] "GET /START%20NEW.html HTTP/1.1" 404 303 "-" "curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15"
Now, I presume I could do interesting stuff with these if I were to create them? :)
--
Jon "The Nice Guy" Spriggs
Bjarni Rúnar Einarsson
Jul 24, 2012, 7:39:06 PM7/24/12
to Jon Spriggs, pagekite...@googlegroups.com
On Tue, Jul 24, 2012 at 10:19 PM, Jon Spriggs <j...@sprig.gs> wrote:
> Hi Bjarni,
>
> I keep seeing this in my event logs:
We've had some problems with a rather persistent criminal who has been
> Hi Bjarni,
>
> I keep seeing this in my event logs:
using the PageKite service for running phishing scams. What you are
seeing is a probe I wrote to try and detect when he reconnects - sadly
it's not smart enough yet to tell old friends from new foes, but I'll
be improving it to be more discerning over the next days and weeks.
> Now, I presume I could do interesting stuff with these if I were to create
> them? :)
Temporarily, of course... ;-)
Hope this didn't set off any alarms at your end, I tried to keep it as
low-key as possible.
--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/
Jon Spriggs
Jul 25, 2012, 4:36:58 AM7/25/12
to Bjarni Rúnar Einarsson, pagekite...@googlegroups.com
On 25 July 2012 00:39, Bjarni Rúnar Einarsson <b...@pagekite.net> wrote:
We've had some problems with a rather persistent criminal who has been
using the PageKite service for running phishing scams. What you are
seeing is a probe I wrote to try and detect when he reconnects - sadly
it's not smart enough yet to tell old friends from new foes, but I'll
be improving it to be more discerning over the next days and weeks.
No worries - just wanted to be sure it wasn't an admin page or similar that I was missing. A reverse IP lookup on the X-FORWARDED-FOR address showed it was you guys, it just seemed unusual.
Hope this didn't set off any alarms at your end, I tried to keep it as
low-key as possible.
I only spotted it while I was tailing the logs in /var/log/apache... otherwise it would have gone under the radar.
Good to see you're keeping a watchful eye on the service!
Reply all
Reply to author
Forward
0 new messages