Help with log analysis please

beesond001 at hawaii.rr.com beesond001 at hawaii.rr.com
Mon Jul 30 22:17:42 PDT 2001


To all,  
	As I was going through some of my logs today I noticed something curious 
and as I began digging deeper, I began to get that sinking feeling.  Now, 
I am no expert, and I would sure appreciate it if you guys could help me 
decipher this and tell me if my hunch is correct.  My hunch is that the 
following IP addresses have borrowed my computer to try and visit a few 
web sites with...  My other hunch is that I should have caught it sooner, 
 but that is a different story...
65.34.103.143 - - [30/Jul/2001:01:18:11 -1000] "GET http://www.s3.com/ 
HTTP/1.1" 404 301
61.144.144.190 - - [19/Jul/2001:00:37:47 -1000] "GET 
http://www.yahoo.com/ HTTP/1.1" 404 304
61.144.141.144 - - [20/Jul/2001:23:50:25 -1000] "GET 
http://www.yahoo.com/ HTTP/1.1" 404 304 
128.132.37.68 - - [07/Jul/2001:06:42:54 -1000] "GET 
http://www.mpogd.com/gotm/ HTTP/1.1" 404 309
 Now just for grins I ran "last" and no one here was logged in at these 
times.  
	Now, I have also noticed a bunch of chicanery in my logs this month, and 
it appears that my firewall has stopped all the stuff I see in 
/var/log/messages.  This stuff showed up elsewhere and now I am beginning 
to feel that  something a little more is up.   
	What I would like is if someone could provide me some tips for figuring 
out how these log entries appeared and what I should do to plug those 
holes.  I will be willing to share log files etc, but I don't wish to 
post them to the list a) in their present form, and also b) to save a 
little space on the server. 

Thanks in advance,
Ben   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freesoftwarehawaii.org/pipermail/luau-freesoftwarehawaii.org/attachments/20010731/d67c1e2a/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/rtf
Size: 5686 bytes
Desc: filename="text1.rtf"
URL: <http://lists.freesoftwarehawaii.org/pipermail/luau-freesoftwarehawaii.org/attachments/20010731/d67c1e2a/attachment-0001.rtf>


More information about the LUAU mailing list