[olug] Scared Newbie SysAdmin
Mike Hostetler
thehaas at binary.net
Wed Jan 29 21:02:50 UTC 2003
On Wed, Jan 29, 2003 at 12:49:53PM -0800, Eric Penne wrote:
> I received these in my apache logs today. I'm checking them
> vigilantly.
>
> What exactly are they trying to do?
>
> access log:
> 202.108.44.242 - - [27/Jan/2003:18:53:24 -0600] "POST / HTTP/1.1" 411
> 361 "-" "-"
> 202.110.215.102 - - [28/Jan/2003:10:44:39 -0600] "POST / HTTP/1.1" 411
> 361 "-" "-"
> 202.110.215.102 - - [28/Jan/2003:10:44:48 -0600] "POST / HTTP/1.1" 411
> 361 "-" "-"
> 66.40.9.49 - - [28/Jan/2003:22:43:30 -0600] "POST / HTTP/1.1" 411 361
> "-" "-"
>
> error log:
>
> [Tue Jan 28 10:44:39 2003] [error] [client 202.110.215.102] chunked
> Transfer-Encoding forbidden: /index.php
> [Tue Jan 28 10:44:48 2003] [error] [client 202.110.215.102] chunked
> Transfer-Encoding forbidden: /index.php
> [Tue Jan 28 13:17:58 2003] [error] [client 218.104.228.46] Invalid URI
> in request GET x HTTP/1.0
> [Tue Jan 28 22:43:29 2003] [error] [client 66.40.9.49] client sent
> HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
> [Tue Jan 28 22:43:30 2003] [error] [client 66.40.9.49] chunked
> Transfer-Encoding forbidden: /index.php
Someone from China found you:
ikeh at gideon:pts/1:276 files 9.8Mb -> jwhois 218.104.228.46
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-1]
% How to use this server http://www.apnic.net/db/
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 218.104.0.0 - 218.107.255.255
netname: CNCNET
descr: China Netcom Corp. Beijing
descr: New Telecommunication Carrier Based on IP Backbone
country: CN
admin-c: YZ213-AP
tech-c: YZ213-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CN-ZM28
changed: hostmaster at apnic.net 20010919
changed: hm-change at apnic.net 20020703
status: ALLOCATED PORTABLE
source: APNIC
person: yanping zhao
address: 15/F, Building A, Corporate Square,No
address: 35 Financial Street,Xicheng District,
address: Beijing
country: CN
phone: +86-010-88093588
fax-no: +86-010-88091442
e-mail: tech-group at china-netcom.com
nic-hdl: YZ213-AP
mnt-by: MAINT-CN-ZM28
changed: daihy at china-netcom.com 20020618
source: APNIC
I dunno what they are trying to do, but do you really need Apache
running?
-- mikeh
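
Added example, not part of the original thread: a Python script that joins the quoted access-log and error-log entries on client address and timestamp, so each 411 response can be read next to the error Apache logged for it. The log lines are the ones from the quoted message with the e-mail line wrapping undone; treating both logs' timestamps as the same server-local time is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines from the quoted message, e-mail wrapping undone.
ACCESS_LOG = """\
202.108.44.242 - - [27/Jan/2003:18:53:24 -0600] "POST / HTTP/1.1" 411 361 "-" "-"
202.110.215.102 - - [28/Jan/2003:10:44:39 -0600] "POST / HTTP/1.1" 411 361 "-" "-"
202.110.215.102 - - [28/Jan/2003:10:44:48 -0600] "POST / HTTP/1.1" 411 361 "-" "-"
66.40.9.49 - - [28/Jan/2003:22:43:30 -0600] "POST / HTTP/1.1" 411 361 "-" "-"
"""
ERROR_LOG = """\
[Tue Jan 28 10:44:39 2003] [error] [client 202.110.215.102] chunked Transfer-Encoding forbidden: /index.php
[Tue Jan 28 10:44:48 2003] [error] [client 202.110.215.102] chunked Transfer-Encoding forbidden: /index.php
[Tue Jan 28 13:17:58 2003] [error] [client 218.104.228.46] Invalid URI in request GET x HTTP/1.0
[Tue Jan 28 22:43:29 2003] [error] [client 66.40.9.49] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Tue Jan 28 22:43:30 2003] [error] [client 66.40.9.49] chunked Transfer-Encoding forbidden: /index.php
"""

ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^ \]]+) [^\]]*\] "([^"]*)" (\d{3}) ')
ERROR_RE = re.compile(r'^\[([^\]]+)\] \[error\] \[client ([^\]]+)\] (.*)$')

def parse_access(text):
    for m in filter(None, map(ACCESS_RE.match, text.splitlines())):
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")  # offset dropped (assumption: same zone)
        yield m.group(1), ts, m.group(3), int(m.group(4))

def parse_errors(text):
    for m in filter(None, map(ERROR_RE.match, text.splitlines())):
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        yield m.group(2), ts, m.group(3)

def correlate(access_text, error_text):
    """Per client: time-ordered (time, request, status, error messages) rows."""
    errors = defaultdict(list)
    for client, ts, msg in parse_errors(error_text):
        errors[(client, ts)].append(msg)
    report = defaultdict(list)
    for client, ts, request, status in parse_access(access_text):
        # Attach any error logged for the same client in the same second.
        report[client].append((ts, request, status, errors.pop((client, ts), [])))
    for (client, ts), msgs in errors.items():  # errors with no access line in the excerpt
        report[client].append((ts, None, None, msgs))
    return {c: sorted(rows, key=lambda r: r[0]) for c, rows in report.items()}

if __name__ == "__main__":
    for client, rows in correlate(ACCESS_LOG, ERROR_LOG).items():
        for ts, request, status, msgs in rows:
            print(client, ts, request, status, "; ".join(msgs) or "(no error-log entry)")
```
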