[tmbchr]™

Weird URL Request



I was just looking through my logs, and saw somebody had requested the URL http://www.timboucher.com:80/. Does anybody know that that :80 refers to? Is it some kind of port or something? If so, is there any potential risk of a person requesting that URL? I’ve never seen it before, so I don’t really know what the purpose of tacking that on would be. Any help?







13 Reader Responses

  1. Jonathan Says:
    May 10th, 2005 at 11:55 am

    Yeah, it’s a port number. Port 80 is the default port for HTTP, so http://www.timboucher.com:80/ is the same as http://www.timboucher.com. As for why it showed up that way in your logs in this particular case, it takes somebody more knowledgable than I, but I don’t think there’s anything to worry about.

  2. Occult Investigator Says:
    May 10th, 2005 at 11:59 am

    cool thats what i thought. just wanted to double check

  3. Darkshadow Says:
    May 10th, 2005 at 1:14 pm

    Yep yep, just confirming that. Port 80 is the default HTTP port. Why somebody went and purposefully put it there, I dunno. ‘Course, it could have just been some software that did it behind someone’s back, as well. Hard to tell.

    Definitely not a security risk, though.

  4. Thomas Conlon Says:
    May 10th, 2005 at 3:13 pm

    OH REALLY. Telnet in on port 80 and issue commands on your website, that will identify your web server and version, usually. Quite convenient to plan an attack.

    telnet timboucher.com 80

    Type “head”

    501 Method
    Not Implemented

    Method Not Implemented
    hed to /in
    dex.html not supported.

    Apache/2.0.50 (Fedora) Server at
    www.timboucher.com Port 80

    Connection to host lost.

    Now I know what type of server you are using.

    LINUX, eh?

    PS 1514 EDT 10 MAY 05 connection from aol, that was me.

  5. Occult Investigator Says:
    May 10th, 2005 at 3:25 pm

    yeah thats what i was more worried about… so what does that mean? do i have to do anything? is there anything i can do?

  6. LTR Says:
    May 10th, 2005 at 4:57 pm

    I think it was the secret thought police from Borders wondering why you haven’t phoned in for their survey and coupon yet.

  7. Jon Headlee Says:
    May 10th, 2005 at 7:04 pm

    LOL, yes, the secret thought police in black suits. Borders, the center of all evil in the universe. :)

  8. Thomas Conlon Says:
    May 10th, 2005 at 8:38 pm

    It means you better be patched up, I would look for buffer overflows in the near future.

    -tc

  9. Occult Investigator Says:
    May 10th, 2005 at 8:40 pm

    patched up in what way? should i notify my hosting provider?

  10. john Says:
    May 11th, 2005 at 12:52 am

    Thomas Conlon:

    what i don’t understand is how you know so much about computers if you are using AOL!! it just doesn’t add up.

  11. Plosiguant Says:
    May 11th, 2005 at 2:36 am

    Probably nothing to worry about, possibly some script kiddie taking a chance, or possible somebody with a fairly old browser accessing it.

    You can notify your hosting provider, but I strongly doubt that anything will come of this. make sure you are backed up, just in case (you are doing this anyway, right?)

  12. boing!!! Says:
    May 11th, 2005 at 3:01 am

    Firewall!! Man the battlements!

  13. Thomas Conlon Says:
    May 11th, 2005 at 9:58 am

    I’m not using AOL, they own my ISP and so traffic to tim’s network will be “human-readably” identified as AOL equipment, OK? Thanks.

    Tim, you do have a router, right? You can set it to log those entries from that IP/range, just to be on the safe side.

    -tc
    syseng2msn.com



SURROUND YOURSELF WITH STRENGTH.