Re: IIS exploit attempt?

From: Michael Katz (mikeat_private)
Date: Sun May 06 2001 - 23:11:53 PDT


    On Wednesday, May 02, 2001 11:13 AM, Sven Brill wrote:
    
    > I tried asking a couple of people about this, but none of them had a clue
    > what this could be, so one person referred me to this list.
    > Going through my Apache logs at home (setup is a Linux kernel 2.2.17 and
    > Apache, standard Mandrake 7.2 installation with security updates), I found
    > some strange GET requests, pasted here. Does anyone have an idea what this
    > person might have tried? Is it something new?
    <SNIP>
    > -------
    > excerpt from apache acces_log:
    > 
    > proxy2.rockingham.k12.va.us - - [02/May/2001:10:52:52 -0400] "GET
    > /scripts/rgs/RgsInit.ASP?AW=202&LV=2047&AS=0&D2=%32_OACS%32%32%32%
    
    <snip>
    
    Sven,
    
    The log entries do not appear to be an exploit attempt against IIS or any other application.
    
    It appears to be related to software looking to pull down ads.  See http://archives.neohapsis.com/archives/iss/2001-q2/0031.html and http://www.adzu.edu.ph/squid/mail-archive/squid-users/200104/0376.html and http://www.adzu.edu.ph/squid/mail-archive/squid-users/200104/0361.html.
    
    One of the messages points to the Babylon online translator as the source of the log entries.
    
    Hope that helps.
    
    Michael Katz
    Responsible Solutions, Ltd.
    mikeat_private 
    


