[Wylug-help] Logwatch help / advice.
Roger
roger at roger-beaumont.co.uk
Sat Oct 8 22:23:53 UTC 2011
Hi all,
I get a system, 'Logwatch' report each day from my server.
I often get items like (quoting the latest):
--------------------- httpd Begin ------------------------
Requests with error response codes
404 Not Found
http://movietvblog.com/proxyheader.php: 2 Time(s)
http://ppcfinder.net/judge.php: 1 Time(s)
http://www.hardjob.net/proxyheader.php: 1 Time(s)
http://www.mpwallpapers.com/proxyheader.php: 1 Time(s)
http://www.sharkspear.info/proxyheader.php: 1 Time(s)
At first glance, that's not surprising, since none of those URLs have
any connection with sites that I've ever served.
Wondering a tad deeper, how did any of those requests arrive at my
server at all? How on earth were those servers linked to my IP number?
And are those requests any sort of threat?
I'm accustomed to requests that are trying to access my MyPHPAdmin, but
since that needs access to a directory independent of any site I've ever
served (below the root of those sites), then, of course, they always
generate 404 errors - as I understand it, that is proof against any HTML
probe. Though I'd be glad to hear that I'm right.
Bottom line: am I safe (in these respects) against having my server hacked?
TIA,
Roger
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
More information about the Wylug-help
mailing list