Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Log question


  • Please log in to reply

#1
exinark

exinark

    New Member

  • Member
  • Pip
  • 7 posts
Could someone explain this? I get a lot of odd stuff like this. Is it a worm scan (it's from a '98 machine) looking for something?
static ip, not traffic meant for someone else.
24.80.96.61 - - [14/Dec/2006:05:48:08 -0600] "GET /horde/ HTTP/1.1" 404 281 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:08 -0600] "GET /horde2/ HTTP/1.1" 404 282 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:09 -0600] "GET /horde3/ HTTP/1.1" 404 282 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:09 -0600] "GET /horde-3.0.9/ HTTP/1.1" 404
287 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:09 -0600] "GET /Horde/ HTTP/1.1" 404 281 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:09 -0600] "GET /horde/imp/ HTTP/1.1" 404 285
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:10 -0600] "GET /projects/horde/ HTTP/1.1" 404
290 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:10 -0600] "GET /people/horde/ HTTP/1.1" 404
288 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:10 -0600] "GET /webmail/ HTTP/1.1" 404 283
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:11 -0600] "GET /imp/ HTTP/1.1" 404 279 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:17 -0600] "GET /netmail/horde/ HTTP/1.1" 404
289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

Edited by exinark, 17 December 2006 - 03:32 PM.

  • 0

Advertisements


#2
-=blaster=-

-=blaster=-

    Member

  • Member
  • PipPipPip
  • 181 posts
It looks like some lamer fishing around your server. This stuff happens all the time. It's just part of being connected to the internet.

:whistling:
  • 0

#3
exinark

exinark

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
It's one of a handful of horde vulnerabilities being scanned for.
found a few similar examples,

http://secunia.com/advisories/14337/
http://osvdb.org/dis...?osvdb_id=10180
http://www.horde.org/
http://www.philippin...date=2006-05-05

Now what is this one?
[20/Dec/2006:21:22:07 -0600] "help trapped in telnet 3 day cant find bash. running low food water send help" 717 474 222 666 344 \"Godzilla/55.5;"

Just kidding.

Edited by exinark, 21 December 2006 - 06:03 AM.

  • 0

#4
exinark

exinark

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
199351 registered users and noone can answer a stupid log question. I'm really impressed.
  • 0

#5
-=blaster=-

-=blaster=-

    Member

  • Member
  • PipPipPip
  • 181 posts
I stand by my previous post. Lamers are always looking for vulnerable code. I cannot speak to the specific exploit in horde.

And if you had used google in the first place... :whistling:

:blink:
  • 0

#6
exinark

exinark

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
The only lamer here is you, it's a wormed 98 machine, like a million others . If you dont know anything about a question, why bother answering. Your xp box could be zombied too, and you might not know. Maybe when I checked my logs and found your ip, I could call your isp, and maybe they could think like a b$%^h like you do, and cut your service off.
Jerk.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP