[exinark]

Could someone explain this? I get a lot of odd stuff like this. Is it a worm scan (it's from a '98 machine) looking for something?
static ip, not traffic meant for someone else.

24.80.96.61 - - [14/Dec/2006:05:48:08 -0600] "GET /horde/ HTTP/1.1" 404 281 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:08 -0600] "GET /horde2/ HTTP/1.1" 404 282 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:09 -0600] "GET /horde3/ HTTP/1.1" 404 282 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:09 -0600] "GET /horde-3.0.9/ HTTP/1.1" 404
287 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:09 -0600] "GET /Horde/ HTTP/1.1" 404 281 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:09 -0600] "GET /horde/imp/ HTTP/1.1" 404 285
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:10 -0600] "GET /projects/horde/ HTTP/1.1" 404
290 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:10 -0600] "GET /people/horde/ HTTP/1.1" 404
288 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:10 -0600] "GET /webmail/ HTTP/1.1" 404 283
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:11 -0600] "GET /imp/ HTTP/1.1" 404 279 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
24.80.96.61 - - [14/Dec/2006:05:48:17 -0600] "GET /netmail/horde/ HTTP/1.1" 404
289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

Edited by exinark, 17 December 2006 - 03:32 PM.

[Advertisements]

It looks like some lamer fishing around your server. This stuff happens all the time. It's just part of being connected to the internet.

[-=blaster=-]

It looks like some lamer fishing around your server. This stuff happens all the time. It's just part of being connected to the internet.

[exinark]

It's one of a handful of horde vulnerabilities being scanned for.
found a few similar examples,

http://secunia.com/advisories/14337/
http://osvdb.org/dis...?osvdb_id=10180
http://www.horde.org/
http://www.philippin...date=2006-05-05

Now what is this one?
[20/Dec/2006:21:22:07 -0600] "help trapped in telnet 3 day cant find bash. running low food water send help" 717 474 222 666 344 \"Godzilla/55.5;"

Just kidding.

Edited by exinark, 21 December 2006 - 06:03 AM.

[exinark]

199351 registered users and noone can answer a stupid log question. I'm really impressed.

[-=blaster=-]

I stand by my previous post. Lamers are always looking for vulnerable code. I cannot speak to the specific exploit in horde.

And if you had used google in the first place...

[exinark]

The only lamer here is you, it's a wormed 98 machine, like a million others . If you dont know anything about a question, why bother answering. Your xp box could be zombied too, and you might not know. Maybe when I checked my logs and found your ip, I could call your isp, and maybe they could think like a b$%^h like you do, and cut your service off.
Jerk.