nightsbird
1st July 2007, 01:28
I am running ispconfig and lateley i have been seeing the below in the access logs
194.72.238.62 - - [26/Jun/2007:00:41:45 -0500] "\x16\x03" 501 1026 "-" "-"
194.72.238.62 - - [27/Jun/2007:01:49:06 -0500] "\x16\x03\x01" 501 1026 "-" "-"
218.59.120.244 - - [29/Jun/2007:11:51:20 -0500] "GET http://www.filesdatabase.com/azenv.php HTTP/1.0" 404 1092 "-" "-"
59.120.56.5 - - [30/Jun/2007:04:31:09 -0500] "\x16\x03" 501 1026 "-" "-"
194.72.238.62 - - [19/Jun/2007:18:34:52 -0500] "\x16\x03" 501 1026 "-" "-"
59.125.204.97 - - [19/Jun/2007:18:57:43 -0500] "\x16\x03" 501 1026 "-" "-"
194.72.238.62 - - [22/Jun/2007:20:47:05 -0500] "\x16\x03\x01" 501 1026 "-" "-"
62.193.229.173 - - [24/Jun/2007:06:21:37 -0500] "GET http://70.86.199.18/~oddity/printenv.php HTTP/1.1" 404 1083 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
It looks to me like someone is trying to proxy through my server but I am unsure. How can I stop it or is it normal
Thanks
194.72.238.62 - - [26/Jun/2007:00:41:45 -0500] "\x16\x03" 501 1026 "-" "-"
194.72.238.62 - - [27/Jun/2007:01:49:06 -0500] "\x16\x03\x01" 501 1026 "-" "-"
218.59.120.244 - - [29/Jun/2007:11:51:20 -0500] "GET http://www.filesdatabase.com/azenv.php HTTP/1.0" 404 1092 "-" "-"
59.120.56.5 - - [30/Jun/2007:04:31:09 -0500] "\x16\x03" 501 1026 "-" "-"
194.72.238.62 - - [19/Jun/2007:18:34:52 -0500] "\x16\x03" 501 1026 "-" "-"
59.125.204.97 - - [19/Jun/2007:18:57:43 -0500] "\x16\x03" 501 1026 "-" "-"
194.72.238.62 - - [22/Jun/2007:20:47:05 -0500] "\x16\x03\x01" 501 1026 "-" "-"
62.193.229.173 - - [24/Jun/2007:06:21:37 -0500] "GET http://70.86.199.18/~oddity/printenv.php HTTP/1.1" 404 1083 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
It looks to me like someone is trying to proxy through my server but I am unsure. How can I stop it or is it normal
Thanks