GET /proxy-test.php

From: Joe Blatz (sd_wirelessat_private)
Date: Sun May 26 2002 - 10:14:12 PDT

  • Next message: Smith, Donald : "RE: odd scans?"

    I spent 18 hours yesterday (including flight time)
    cleaning up the mess made by some hacker in the
    Netherlands. He was using an unpatched IIS server for
    his own ends. (yes, i know this couldn't have happened
    without poor administration, but i am not the admin so
    please don't yell at me)
    As you might expect, I am keeping a very close watch
    on this box, and the network on which it resides.
    While looking at the IIS logs I saw an odd entry and
    was wondering if anyone here has seen anything
    similar. I've searched Google and was unable to find
    anything that looked related.
    2002-05-26 12:13:14 212.244.x.x - x.x.x.x 80 GET
    /proxy-test.php - 404 Mozilla/3.01+(PZ)
    This could simply be a case of a mis-typed IP address
    in a browser, but I would like to know if anyone is
    aware of a legitimate program or a hack that would
    have "proxy-test.php" residing on a webserver.
    Do You Yahoo!?
    Yahoo! - Official partner of 2002 FIFA World Cup
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 18:08:25 PDT