[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Identical http request in log file

On Saturday 31 January 2004 02:10, Andreas Jägermann wrote:
> > On Friday 30 January 2004 14:51, Andreas Jägermann wrote:
> > > Is this a security problem at my site? How can I prevent this without
> > > limiting access to certain ip addresses? I'm using SuSE 8.0 with all
> > > patches applied.
> > >
> > > Any hint is appreciated. Thanks in advance.
> >
> > I'm guessing your user has spyware on his machine.
> > If its windows he should try spybot search and destroy
> > or adaware.
> This was my first thought, too. But spybot and an additional virus scan did
> not produce any significant result.

If it is limited to that single user it would have to be somewhere on
his end, or along the route to you.  Perhaps a traceroute from
his end would reveal something - maybey a caching proxy server
between him and you.

Also a netstat -an from his machine immediatly (within a second)
of requesting a page on your site might reveal odd connections
to some other site.  

If you ever figure it out besure to post here as this is
quite interesting.

John Andersen

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here