I noticed this in my httpd error_log: access_log:31.7.59.132 - - [05/Nov/2011:20:18:26 -0400] "GET http://www.yahoo.com/bin/hostname HTTP/1.0" 404 210 "-" "-" The ip address does not belong to me, and I cannot figure out how my server could receive this request. Do I have a security hole. The same ip address made the same query several times in before. For now I am banning this ip from my server. Any ideas? Thanks
I guess the attacker has modified his hosts file so that www.yahoo.com points to your server. Not sure why, though.
