[unisog] username scanning via web
Gary MacIsaac
gary at psych.ubc.ca
Tue Sep 16 00:58:07 GMT 2008
Hi,
I've seen a number of log entries which are testing usernames, likely for
subsequent, focused password attacks. Anyone else seeing lots of this
kind of thing in their web server logs?
gw.nameremoved.ec - - [15/Sep/2008:03:54:52 -0700] "GET /~felice/
HTTP/1.1" 404 206 "-" "-"
gw.nameremoved.ec - - [15/Sep/2008:03:54:53 -0700] "GET /~felicia/
HTTP/1.1" 404 207 "-" "-"
gw.nameremoved.ec - - [15/Sep/2008:03:54:55 -0700] "GET /~felicity/
HTTP/1.1" 404 208 "-" "-"
gw.nameremoved.ec - - [15/Sep/2008:03:54:56 -0700] "GET /~felix/ HTTP/1.1"
404 205 "-" "-"
gw.nameremoved.ec - - [15/Sep/2008:03:54:58 -0700] "GET /~fell/ HTTP/1.1"
404 204 "-" "-"
.
.
.
Gary.
--
Gary MacIsaac
Systems and Network Manager
Dept. of Psychology
University of British Columbia
More information about the unisog
mailing list