[NTLUG:Discuss] Strange Apache log entries
asenec@senechalle.net
asenec at senechalle.net
Fri Dec 31 19:30:02 CST 2004
Since early this morning, I'm seeing *tons* of entries like this
in my access log:
80.58.21.172 - - [31/Dec/2004:03:19:35 -0600] "GET /header.pl HTTP/1.1" 200 618 www.postage-paid.com "http://www.postage-paid.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" "-" 18961 80.58.21.172 - - [31/Dec/2004:03:19:35 -0600] "GET /menu.pl HTTP/1.1" 200 614 www.postage-paid.com "http://www.postage-paid.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" "-" 18960 80.58.21.172 - - [31/Dec/2004:03:19:36 -0600] "GET /info.pl HTTP/1.1" 200 2064 www.postage-paid.com "http://www.postage-paid.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" "-" 18961 85.97.98.142 - - [31/Dec/2004:03:19:21 -0600] "m\xc2K\xbe\x0f}\xbe\xeb\xf7\xf3\x8fN\x88\x98\xccsW\x0f\xdb-\xb9!l\xe0\x90\xb8\x86\xc8s\xc3\x87\xdc\b^pp\xf5E\v-\x93\xa9\!
xb7N\v\xf4\xce\x7f\x01\xde\x1a\xe9\xdd\r\xdf&\xc7\xb2\x87m\x97\xa0\xc6\xe7\xf7\x02V\xee\xd2\x10\xbb\xfaL\xfa\x9b;C\x97\xb68\x8e\xb1\xfc=\x18\xb7\xbe\x17\xf6\x0f\xd1\x89_\x12\xc7^0\\\x81f\xff} 5\"\xa3\\\x1e\x8a\xed?\x9f\xecf,t\xcc\xc0Hk\xd6\xca7kN\xd4FF1@\xd9\x90-\xd2]6" 400 226 postage-paid.com "-" "-" "-" 10356 80.58.21.172 - - [31/Dec/2004:03:19:40 -0600] "GET /faq.pl?3 HTTP/1.1" 200 1123 www.postage-paid.com "http://www.postage-paid.com/menu.pl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" "-" 18961 80.58.21.172 - - [31/Dec/2004:03:19:45 -0600] "GET /services.pl?3 HTTP/1.1" 200 1116 www.postage-paid.com "http://www.postage-paid.com/menu.pl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" "-" 18961 80.58.21.172 - - [31/Dec/2004:03:19:36 -0600] "GET /images/!
coming.gif HTTP/1.1" 200 28901 www.postage-paid.com "http://www.postag
e-paid.com/header.pl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" "-" 18960 80.58.21.172 - - [31/Dec/2004:03:19:51 -0600] "GET /purchase.pl?3 HTTP/1.1" 200 1197 www.postage-paid.com "http://www.postage-paid.com/menu.pl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" "-" 18961 85.97.98.142 - - [31/Dec/2004:03:20:08 -0600] "GET sha1:k5KzwXPEYA0s5rxGajvGkoicLqg= http/1.1" 400 226 postage-paid.com "-" "W\xd0\xb0rez 2.5.0.2955" "-" 29434 80.58.21.172 - - [31/Dec/2004:03:20:36 -0600] "GET / HTTP/1.1" 200 1164 www.postage-paid.com "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" "-" 29435 85.97.98.142 - - [31/D!
ec/2004:03:20:45 -0600] "GET sha1:ZeiSpNE+guboaKunx3f9lUWFwNQ= http/1.1" 400 226 postage-paid.com "-" "W\xd0\xb0rez 2.5.0.2955" "-" 29436 85.97.98.142 - - [31/Dec/2004:03:23:49 -0600] "GET sha1:k5KzwXPEYA0s5rxGajvGkoicLqg= http/1.1" 400 226 postage-paid.com "-" "W\xd0\xb0rez 2.5.0.2955" "-" 18962 85.97.98.142 - - [31/Dec/2004:03:24:21 -0600] "GET sha1:ZeiSpNE+guboaKunx3f9lUWFwNQ= http/1.1" 400 226 postage-paid.com "-" "W\xd0\xb0rez 2.5.0.2955" "-" 18959
They all appear to be coming from dynamic address ranges--why do I think
this is somehow related to spammers?
Anyone have any idea what is going on?
Annette
More information about the Discuss
mailing list