
Re: [suse-security] Identical http request in log file



On Saturday 31 January 2004 02:10, Andreas Jägermann wrote:
> > On Friday 30 January 2004 14:51, Andreas Jägermann wrote:
> > > Is this a security problem at my site? How can I prevent this without
> > > limiting access to certain ip addresses? I'm using SuSE 8.0 with all
> > > patches applied.
> > >
> > > Any hint is appreciated. Thanks in advance.
> >
> > I'm guessing your user has spyware on his machine.
> > If it's Windows he should try Spybot Search and Destroy
> > or Ad-Aware.
>
> This was my first thought, too. But Spybot and an additional virus scan did
> not produce any significant result.

If it is limited to that single user it would have to be somewhere on
his end, or along the route to you.  Perhaps a traceroute from
his end would reveal something - maybe a caching proxy server
between him and you.

Also a netstat -an from his machine immediately (within a second)
of requesting a page on your site might reveal odd connections
to some other site.

If you ever figure it out be sure to post here as this is
quite interesting.

-- 
_____________________________________
John Andersen
