the timboucher experience

13 Comments

1. Jonathan
   Posted May 10, 2005 at 11:55 am | Permalink

   Yeah, it’s a port number. Port 80 is the default port for HTTP, so http://www.timboucher.com:80/ is the same as http://www.timboucher.com. As for why it showed up that way in your logs in this particular case, it takes somebody more knowledgable than I, but I don’t think there’s anything to worry about.

2. Occult Investigator
   Posted May 10, 2005 at 11:59 am | Permalink

   cool thats what i thought. just wanted to double check

3. Darkshadow
   Posted May 10, 2005 at 1:14 pm | Permalink

   Yep yep, just confirming that. Port 80 is the default HTTP port. Why somebody went and purposefully put it there, I dunno. ‘Course, it could have just been some software that did it behind someone’s back, as well. Hard to tell.

   Definitely not a security risk, though.

4. Thomas Conlon
   Posted May 10, 2005 at 3:13 pm | Permalink

   OH REALLY. Telnet in on port 80 and issue commands on your website, that will identify your web server and version, usually. Quite convenient to plan an attack.

   telnet timboucher.com 80

   Type “head”

   501 Method
   Not Implemented

   Method Not Implemented
   hed to /in
   dex.html not supported.

   Apache/2.0.50 (Fedora) Server at
   http://www.timboucher.com Port 80

   Connection to host lost.

   Now I know what type of server you are using.

   LINUX, eh?

   PS 1514 EDT 10 MAY 05 connection from aol, that was me.

5. Occult Investigator
   Posted May 10, 2005 at 3:25 pm | Permalink

   yeah thats what i was more worried about… so what does that mean? do i have to do anything? is there anything i can do?

6. LTR
   Posted May 10, 2005 at 4:57 pm | Permalink

   I think it was the secret thought police from Borders wondering why you haven’t phoned in for their survey and coupon yet.

7. Jon Headlee
   Posted May 10, 2005 at 7:04 pm | Permalink

   LOL, yes, the secret thought police in black suits. Borders, the center of all evil in the universe.

8. Thomas Conlon
   Posted May 10, 2005 at 8:38 pm | Permalink

   It means you better be patched up, I would look for buffer overflows in the near future.

   -tc

9. Occult Investigator
   Posted May 10, 2005 at 8:40 pm | Permalink

   patched up in what way? should i notify my hosting provider?

10. john
    Posted May 11, 2005 at 12:52 am | Permalink

    Thomas Conlon:

    what i don’t understand is how you know so much about computers if you are using AOL!! it just doesn’t add up.

11. Plosiguant
    Posted May 11, 2005 at 2:36 am | Permalink

    Probably nothing to worry about, possibly some script kiddie taking a chance, or possible somebody with a fairly old browser accessing it.

    You can notify your hosting provider, but I strongly doubt that anything will come of this. make sure you are backed up, just in case (you are doing this anyway, right?)

12. boing!!!
    Posted May 11, 2005 at 3:01 am | Permalink

    Firewall!! Man the battlements!

13. Thomas Conlon
    Posted May 11, 2005 at 9:58 am | Permalink

    I’m not using AOL, they own my ISP and so traffic to tim’s network will be “human-readably” identified as AOL equipment, OK? Thanks.

    Tim, you do have a router, right? You can set it to log those entries from that IP/range, just to be on the safe side.

    -tc
    syseng2msn.com