[Dshield] Help Me Sort this Out (Apache Logs)

David Cary Hart DShield at TQMcube.com
Wed Apr 5 17:59:40 GMT 2006


I keep seeing this over and over again for weeks now. Different
clients from different providers. It always starts with a GET of the
entire site. Then I get the following (identical URLs each time -
with each client - to oag.state.tx.us):

/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:00 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/tide.php HTTP/1.1" 302 288 "-" "Java/1.4.1_04"
/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:01 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/zombies.php HTTP/1.1" 302 288 "-" "Java/1.4.1_04"
/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:02 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/images/bll.png HTTP/1.1" 302 288 "-" "Java/1.4.1_04"
/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:03 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/images/bp-link.png HTTP/1.1" 302 288 "-" "Java/1.4.1_04"
/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:03 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/images/ol.png HTTP/1.1" 302 288 "-" "Java/1.4.1_04"
/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:04 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/images/tl.png HTTP/1.1" 302 288 "-" "Java/1.4.1_04"
/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:05 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/images/zl.png HTTP/1.1" 302 288 "-" "Java/1.4.1_04"
/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:06 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/images/origins.php HTTP/1.1" 302 288 "-" "Java/1.4.1_04"
/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:07 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/images/tide.php HTTP/1.1" 302 288 "-" "Java/1.4.1_04"
/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:08 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/images/zombies.php HTTP/1.1" 302 288 "-" "Java/1.4.1_04"

-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php
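
The pattern described in the message above (a request path that itself carries an absolute URL, repeated by one client and user agent) can be summarized from an access log as follows. This is an added example, not part of the original post; the function name and the two constructed sample lines are assumptions, and the first three sample lines are copied from the post.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

# Combined Log Format, with the optional "file:" prefix grep adds across files.
LINE_RE = re.compile(
    r'^(?:/[^:\s]*:)?(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
# A request path that embeds an absolute URL, e.g. "/https://host/...".
EMBEDDED_RE = re.compile(r'^/+(https?://.+)$', re.IGNORECASE)

SAMPLE = [
    # Copied from the post:
    '/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:00 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/tide.php HTTP/1.1" 302 288 "-" "Java/1.4.1_04"',
    '/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:01 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/zombies.php HTTP/1.1" 302 288 "-" "Java/1.4.1_04"',
    '/var/log/httpd/access_log:88.208.194.64 - - [05/Apr/2006:12:57:02 -0400] "GET /https://www.oag.state.tx.us/forms/cpd/images/bll.png HTTP/1.1" 302 288 "-" "Java/1.4.1_04"',
    # Constructed: an ordinary request and a non-log line, both to be ignored.
    '192.0.2.10 - - [05/Apr/2006:12:56:50 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'this is not an access-log line',
]

def summarize(lines):
    """Group embedded-URL requests by (client IP, user agent)."""
    out = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        e = EMBEDDED_RE.match(m["path"])
        if not e:
            continue  # normal site-relative path
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        s = out.setdefault((m["ip"], m["ua"]), {
            "count": 0, "hosts": Counter(), "statuses": Counter(),
            "first": ts, "last": ts})
        s["count"] += 1
        s["hosts"][urlsplit(e.group(1)).hostname] += 1  # host named in the path
        s["statuses"][int(m["status"])] += 1
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
    return out

if __name__ == "__main__":
    for (ip, ua), s in summarize(SAMPLE).items():
        print(ip, ua, s["count"], dict(s["hosts"]), dict(s["statuses"]),
              s["first"].isoformat(), s["last"].isoformat())
```

Grouping by client and user agent makes it easy to compare the "different clients from different providers" across days and confirm that each one requests the same embedded host.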

