I am running ispconfig and lateley i have been seeing the below in the access logs 194.72.238.62 - - [26/Jun/2007:00:41:45 -0500] "\x16\x03" 501 1026 "-" "-" 194.72.238.62 - - [27/Jun/2007:01:49:06 -0500] "\x16\x03\x01" 501 1026 "-" "-" 218.59.120.244 - - [29/Jun/2007:11:51:20 -0500] "GET http://www.filesdatabase.com/azenv.php HTTP/1.0" 404 1092 "-" "-" 59.120.56.5 - - [30/Jun/2007:04:31:09 -0500] "\x16\x03" 501 1026 "-" "-" 194.72.238.62 - - [19/Jun/2007:18:34:52 -0500] "\x16\x03" 501 1026 "-" "-" 59.125.204.97 - - [19/Jun/2007:18:57:43 -0500] "\x16\x03" 501 1026 "-" "-" 194.72.238.62 - - [22/Jun/2007:20:47:05 -0500] "\x16\x03\x01" 501 1026 "-" "-" 62.193.229.173 - - [24/Jun/2007:06:21:37 -0500] "GET http://70.86.199.18/~oddity/printenv.php HTTP/1.1" 404 1083 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" It looks to me like someone is trying to proxy through my server but I am unsure. How can I stop it or is it normal Thanks
Looks like normal bots trying to abuse your apache.. Most likely your apache is already patched and protected against such exploits. (Buffer overflow, malformed packages etc) Normal background noise on the net. Just ignore it for now... worst case simply block IP by firewall.
