Comments on: Weird URL Request

By: Thomas Conlon

Thomas Conlon — Wed, 11 May 2005 13:58:44 +0000

I’m not using AOL, they own my ISP and so traffic to tim’s network will be “human-readably” identified as AOL equipment, OK? Thanks.

Tim, you do have a router, right? You can set it to log those entries from that IP/range, just to be on the safe side.

-tc
syseng2msn.com

By: boing!!!

boing!!! — Wed, 11 May 2005 07:01:06 +0000

Firewall!! Man the battlements!

By: Plosiguant

Plosiguant — Wed, 11 May 2005 06:36:03 +0000

Probably nothing to worry about, possibly some script kiddie taking a chance, or possible somebody with a fairly old browser accessing it.

You can notify your hosting provider, but I strongly doubt that anything will come of this. make sure you are backed up, just in case (you are doing this anyway, right?)

By: john

john — Wed, 11 May 2005 04:52:14 +0000

Thomas Conlon:

what i don’t understand is how you know so much about computers if you are using AOL!! it just doesn’t add up.

By: Occult Investigator

Occult Investigator — Wed, 11 May 2005 00:40:57 +0000

patched up in what way? should i notify my hosting provider?

By: Thomas Conlon

Thomas Conlon — Wed, 11 May 2005 00:38:50 +0000

It means you better be patched up, I would look for buffer overflows in the near future.

-tc

By: Jon Headlee

Jon Headlee — Tue, 10 May 2005 23:04:05 +0000

LOL, yes, the secret thought police in black suits. Borders, the center of all evil in the universe.

By: LTR

LTR — Tue, 10 May 2005 20:57:27 +0000

I think it was the secret thought police from Borders wondering why you haven’t phoned in for their survey and coupon yet.

By: Occult Investigator

Occult Investigator — Tue, 10 May 2005 19:25:26 +0000

yeah thats what i was more worried about… so what does that mean? do i have to do anything? is there anything i can do?

By: Thomas Conlon

Thomas Conlon — Tue, 10 May 2005 19:13:17 +0000

OH REALLY. Telnet in on port 80 and issue commands on your website, that will identify your web server and version, usually. Quite convenient to plan an attack.

telnet timboucher.com 80

Type “head”

501 Method
Not Implemented

Method Not Implemented
hed to /in
dex.html not supported.

Apache/2.0.50 (Fedora) Server at
http://www.timboucher.com Port 80

Connection to host lost.

Now I know what type of server you are using.

LINUX, eh?

PS 1514 EDT 10 MAY 05 connection from aol, that was me.

By: Darkshadow

Darkshadow — Tue, 10 May 2005 17:14:37 +0000

Yep yep, just confirming that. Port 80 is the default HTTP port. Why somebody went and purposefully put it there, I dunno. ‘Course, it could have just been some software that did it behind someone’s back, as well. Hard to tell.

Definitely not a security risk, though.

By: Occult Investigator

Occult Investigator — Tue, 10 May 2005 15:59:10 +0000

cool thats what i thought. just wanted to double check

By: Jonathan

Jonathan — Tue, 10 May 2005 15:55:51 +0000

Yeah, it’s a port number. Port 80 is the default port for HTTP, so http://www.timboucher.com:80/ is the same as http://www.timboucher.com. As for why it showed up that way in your logs in this particular case, it takes somebody more knowledgable than I, but I don’t think there’s anything to worry about.