Good morning people, I am looking at the Apache access from an online server hosting one of my apps and I am noting some interesting entries, some I have never seen before, something like this: A normal user legit-ip-here - - [08/Nov/2013:06:15:14 -0800] "GET /index.php/auth/login HTTP/1.1" 200 6360 "http://www.myaddress.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)" A normal bot 101.226.68.137 - - [08/Nov/2013:04:02:16 -0800] "HEAD / HTTP/1.1" 302 - "-" "DNSPod-Monitor/1.0" A weird bot crawl-66-249-66-27.googlebot.com - - [08/Nov/2013:13:06:43 -0800] "GET /robots.txt HTTP/1.1" 200 46 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; + http://www.google.com/bot.html)" A normal malicious access (malicious because they are accessing stuff I don't have on that server) 114.221.91.40 - - [08/Nov/2013:07:10:22 -0800] "GET /.7qcjnc/km-qcjnc.mp3 HTTP/1.1" 404 2677 "http://www.wang-nan.cn/" "Mozilla/4.0 (compatible; MSIE 9.10; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)" A weird malicious access h18811653206.rev.rootvps.pl - - [09/Nov/2013:01:02:11 -0800] "GET /video.php?vid=38932 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16" static.focured.net - - [09/Nov/2013:01:04:44 -0800] "GET / HTTP/1.1" 302 20 "-" "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)" poczta.chmuri.net - - [09/Nov/2013:01:04:22 -0800] "GET /video.php?vid=38929 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16" Now, its the "weird malicious attacks" that have me piqued. Instead of having an IP address in the first column, they have some sort of domain name. Has anyone encountered this before?
It sounds like you're doing reverse DNS lookup on hosts hitting the Apache server. This is bad and you shouldn't do it. I wouldn't worry so much about bots and attackers - they're part of the landscape and unaviodable. I would also move to Nginx :-P -- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson On Mon, Nov 11, 2013 at 8:32 AM, Peter Karunyu <pkarunyu@gmail.com> wrote:
Good morning people, I am looking at the Apache access from an online server hosting one of my apps and I am noting some interesting entries, some I have never seen before, something like this:
A normal user legit-ip-here - - [08/Nov/2013:06:15:14 -0800] "GET /index.php/auth/login HTTP/1.1" 200 6360 "http://www.myaddress.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"
A normal bot 101.226.68.137 - - [08/Nov/2013:04:02:16 -0800] "HEAD / HTTP/1.1" 302 - "-" "DNSPod-Monitor/1.0"
A weird bot crawl-66-249-66-27.googlebot.com - - [08/Nov/2013:13:06:43 -0800] "GET /robots.txt HTTP/1.1" 200 46 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; + http://www.google.com/bot.html)"
A normal malicious access (malicious because they are accessing stuff I don't have on that server) 114.221.91.40 - - [08/Nov/2013:07:10:22 -0800] "GET /.7qcjnc/km-qcjnc.mp3 HTTP/1.1" 404 2677 "http://www.wang-nan.cn/" "Mozilla/4.0 (compatible; MSIE 9.10; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
A weird malicious access h18811653206.rev.rootvps.pl - - [09/Nov/2013:01:02:11 -0800] "GET /video.php?vid=38932 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"
static.focured.net - - [09/Nov/2013:01:04:44 -0800] "GET / HTTP/1.1" 302 20 "-" "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)"
poczta.chmuri.net - - [09/Nov/2013:01:04:22 -0800] "GET /video.php?vid=38929 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"
Now, its the "weird malicious attacks" that have me piqued. Instead of having an IP address in the first column, they have some sort of domain name.
Has anyone encountered this before?
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
Thanks @Adam, I will research some more on that. I wonder how nginx performs with PHP... My previous foray into Apache vs. Nginx for PHP ended up with the conclusion that Nginx performs much better than Apache for static content, but for dynamic content, the difference is not that much (although Nginx is still marginally faster). @Adam, what has been your experience on this? Although I am pretty sure you don't use PHP :-) On Mon, Nov 11, 2013 at 11:41 AM, Adam Nelson <adam@varud.com> wrote:
It sounds like you're doing reverse DNS lookup on hosts hitting the Apache server. This is bad and you shouldn't do it.
I wouldn't worry so much about bots and attackers - they're part of the landscape and unaviodable.
I would also move to Nginx :-P
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson
On Mon, Nov 11, 2013 at 8:32 AM, Peter Karunyu <pkarunyu@gmail.com> wrote:
Good morning people, I am looking at the Apache access from an online server hosting one of my apps and I am noting some interesting entries, some I have never seen before, something like this:
A normal user legit-ip-here - - [08/Nov/2013:06:15:14 -0800] "GET /index.php/auth/login HTTP/1.1" 200 6360 "http://www.myaddress.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"
A normal bot 101.226.68.137 - - [08/Nov/2013:04:02:16 -0800] "HEAD / HTTP/1.1" 302 - "-" "DNSPod-Monitor/1.0"
A weird bot crawl-66-249-66-27.googlebot.com - - [08/Nov/2013:13:06:43 -0800] "GET /robots.txt HTTP/1.1" 200 46 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; + http://www.google.com/bot.html)"
A normal malicious access (malicious because they are accessing stuff I don't have on that server) 114.221.91.40 - - [08/Nov/2013:07:10:22 -0800] "GET /.7qcjnc/km-qcjnc.mp3 HTTP/1.1" 404 2677 "http://www.wang-nan.cn/" "Mozilla/4.0 (compatible; MSIE 9.10; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
A weird malicious access h18811653206.rev.rootvps.pl - - [09/Nov/2013:01:02:11 -0800] "GET /video.php?vid=38932 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"
static.focured.net - - [09/Nov/2013:01:04:44 -0800] "GET / HTTP/1.1" 302 20 "-" "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)"
poczta.chmuri.net - - [09/Nov/2013:01:04:22 -0800] "GET /video.php?vid=38929 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"
Now, its the "weird malicious attacks" that have me piqued. Instead of having an IP address in the first column, they have some sort of domain name.
Has anyone encountered this before?
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards, Peter Karunyu -------------------
For even a midsized site - speed isn't important (reverse DNS not withstanding). You're talking about single digit milliseconds in difference even at load. You're much better off focusing on the quality of your ISPs and network providers and location of the servers relative to the users than you are thinking about the speed difference of the web server. However, ease of maintenance and implementation is much simpler with Nginx IMHO and it takes up less memory to boot. -- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson On Mon, Nov 11, 2013 at 9:06 AM, Peter Karunyu <pkarunyu@gmail.com> wrote:
Thanks @Adam, I will research some more on that.
I wonder how nginx performs with PHP... My previous foray into Apache vs. Nginx for PHP ended up with the conclusion that Nginx performs much better than Apache for static content, but for dynamic content, the difference is not that much (although Nginx is still marginally faster).
@Adam, what has been your experience on this? Although I am pretty sure you don't use PHP :-)
On Mon, Nov 11, 2013 at 11:41 AM, Adam Nelson <adam@varud.com> wrote:
It sounds like you're doing reverse DNS lookup on hosts hitting the Apache server. This is bad and you shouldn't do it.
I wouldn't worry so much about bots and attackers - they're part of the landscape and unaviodable.
I would also move to Nginx :-P
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson
On Mon, Nov 11, 2013 at 8:32 AM, Peter Karunyu <pkarunyu@gmail.com>wrote:
Good morning people, I am looking at the Apache access from an online server hosting one of my apps and I am noting some interesting entries, some I have never seen before, something like this:
A normal user legit-ip-here - - [08/Nov/2013:06:15:14 -0800] "GET /index.php/auth/login HTTP/1.1" 200 6360 "http://www.myaddress.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"
A normal bot 101.226.68.137 - - [08/Nov/2013:04:02:16 -0800] "HEAD / HTTP/1.1" 302 - "-" "DNSPod-Monitor/1.0"
A weird bot crawl-66-249-66-27.googlebot.com - - [08/Nov/2013:13:06:43 -0800] "GET /robots.txt HTTP/1.1" 200 46 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; + http://www.google.com/bot.html)"
A normal malicious access (malicious because they are accessing stuff I don't have on that server) 114.221.91.40 - - [08/Nov/2013:07:10:22 -0800] "GET /.7qcjnc/km-qcjnc.mp3 HTTP/1.1" 404 2677 "http://www.wang-nan.cn/" "Mozilla/4.0 (compatible; MSIE 9.10; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
A weird malicious access h18811653206.rev.rootvps.pl - - [09/Nov/2013:01:02:11 -0800] "GET /video.php?vid=38932 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"
static.focured.net - - [09/Nov/2013:01:04:44 -0800] "GET / HTTP/1.1" 302 20 "-" "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)"
poczta.chmuri.net - - [09/Nov/2013:01:04:22 -0800] "GET /video.php?vid=38929 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"
Now, its the "weird malicious attacks" that have me piqued. Instead of having an IP address in the first column, they have some sort of domain name.
Has anyone encountered this before?
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards, Peter Karunyu -------------------
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
My main issue with nginx is not having a .htaccess file. I have issues converting what is in the .htaccess file to the nginx configs. On Mon, Nov 11, 2013 at 12:06 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
Thanks @Adam, I will research some more on that.
I wonder how nginx performs with PHP... My previous foray into Apache vs. Nginx for PHP ended up with the conclusion that Nginx performs much better than Apache for static content, but for dynamic content, the difference is not that much (although Nginx is still marginally faster).
@Adam, what has been your experience on this? Although I am pretty sure you don't use PHP :-)
On Mon, Nov 11, 2013 at 11:41 AM, Adam Nelson <adam@varud.com> wrote:
It sounds like you're doing reverse DNS lookup on hosts hitting the Apache server. This is bad and you shouldn't do it.
I wouldn't worry so much about bots and attackers - they're part of the landscape and unaviodable.
I would also move to Nginx :-P
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson
On Mon, Nov 11, 2013 at 8:32 AM, Peter Karunyu <pkarunyu@gmail.com>wrote:
Good morning people, I am looking at the Apache access from an online server hosting one of my apps and I am noting some interesting entries, some I have never seen before, something like this:
A normal user legit-ip-here - - [08/Nov/2013:06:15:14 -0800] "GET /index.php/auth/login HTTP/1.1" 200 6360 "http://www.myaddress.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"
A normal bot 101.226.68.137 - - [08/Nov/2013:04:02:16 -0800] "HEAD / HTTP/1.1" 302 - "-" "DNSPod-Monitor/1.0"
A weird bot crawl-66-249-66-27.googlebot.com - - [08/Nov/2013:13:06:43 -0800] "GET /robots.txt HTTP/1.1" 200 46 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; + http://www.google.com/bot.html)"
A normal malicious access (malicious because they are accessing stuff I don't have on that server) 114.221.91.40 - - [08/Nov/2013:07:10:22 -0800] "GET /.7qcjnc/km-qcjnc.mp3 HTTP/1.1" 404 2677 "http://www.wang-nan.cn/" "Mozilla/4.0 (compatible; MSIE 9.10; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
A weird malicious access h18811653206.rev.rootvps.pl - - [09/Nov/2013:01:02:11 -0800] "GET /video.php?vid=38932 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"
static.focured.net - - [09/Nov/2013:01:04:44 -0800] "GET / HTTP/1.1" 302 20 "-" "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)"
poczta.chmuri.net - - [09/Nov/2013:01:04:22 -0800] "GET /video.php?vid=38929 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"
Now, its the "weird malicious attacks" that have me piqued. Instead of having an IP address in the first column, they have some sort of domain name.
Has anyone encountered this before?
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards, Peter Karunyu -------------------
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards Brian Ngure
+1 on nginx you can see this this post on serverfault.com<http://serverfault.com/questions/168708/convert-htaccess-mod-rewrite-directives-to-nginx-format> for a simple intro on how to do the apache -> nginx reqwrite rules. As an addition, you can offload the headache of monitoring rogue or malicious traffic to www.cloudflare.com (a a plus it comes with global caching). On Mon, Nov 11, 2013 at 12:22 PM, Brian Ngure <brian@pixie.co.ke> wrote:
My main issue with nginx is not having a .htaccess file. I have issues converting what is in the .htaccess file to the nginx configs.
On Mon, Nov 11, 2013 at 12:06 PM, Peter Karunyu <pkarunyu@gmail.com>wrote:
Thanks @Adam, I will research some more on that.
I wonder how nginx performs with PHP... My previous foray into Apache vs. Nginx for PHP ended up with the conclusion that Nginx performs much better than Apache for static content, but for dynamic content, the difference is not that much (although Nginx is still marginally faster).
@Adam, what has been your experience on this? Although I am pretty sure you don't use PHP :-)
On Mon, Nov 11, 2013 at 11:41 AM, Adam Nelson <adam@varud.com> wrote:
It sounds like you're doing reverse DNS lookup on hosts hitting the Apache server. This is bad and you shouldn't do it.
I wouldn't worry so much about bots and attackers - they're part of the landscape and unaviodable.
I would also move to Nginx :-P
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson
On Mon, Nov 11, 2013 at 8:32 AM, Peter Karunyu <pkarunyu@gmail.com>wrote:
Good morning people, I am looking at the Apache access from an online server hosting one of my apps and I am noting some interesting entries, some I have never seen before, something like this:
A normal user legit-ip-here - - [08/Nov/2013:06:15:14 -0800] "GET /index.php/auth/login HTTP/1.1" 200 6360 "http://www.myaddress.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"
A normal bot 101.226.68.137 - - [08/Nov/2013:04:02:16 -0800] "HEAD / HTTP/1.1" 302 - "-" "DNSPod-Monitor/1.0"
A weird bot crawl-66-249-66-27.googlebot.com - - [08/Nov/2013:13:06:43 -0800] "GET /robots.txt HTTP/1.1" 200 46 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; + http://www.google.com/bot.html)"
A normal malicious access (malicious because they are accessing stuff I don't have on that server) 114.221.91.40 - - [08/Nov/2013:07:10:22 -0800] "GET /.7qcjnc/km-qcjnc.mp3 HTTP/1.1" 404 2677 "http://www.wang-nan.cn/" "Mozilla/4.0 (compatible; MSIE 9.10; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)"
A weird malicious access h18811653206.rev.rootvps.pl - - [09/Nov/2013:01:02:11 -0800] "GET /video.php?vid=38932 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"
static.focured.net - - [09/Nov/2013:01:04:44 -0800] "GET / HTTP/1.1" 302 20 "-" "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)"
poczta.chmuri.net - - [09/Nov/2013:01:04:22 -0800] "GET /video.php?vid=38929 HTTP/1.1" 404 937 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"
Now, its the "weird malicious attacks" that have me piqued. Instead of having an IP address in the first column, they have some sort of domain name.
Has anyone encountered this before?
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards, Peter Karunyu -------------------
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards
Brian Ngure
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
participants (4)
-
Adam Nelson -
Brian Ngure -
Kiti Chigiri -
Peter Karunyu