Help with log analysis please

beesond001 at hawaii.rr.com
Mon Jul 30 22:26:40 PDT 2001


Jon and others,

	Yes I will most certainly do that!!  My intent is not only to fix my 
box, but also help the rest of the world keep their boxes up tight!!

Ben  

Original Message dated 7/30/01, 7:24:35 PM
Author: "Jon Reynolds" <proteon at gci.net>
Re: [luau] RE: Help with log analysis please:


Ben, even though I can't help you with this I would like to know the 
resolution, so even if you do send it to someone on the list privately 
will you change it up enough, to protect the innocent as Warren puts it, 
to let me see how this is done also?
 
Jon
-----Original Message-----
From: beesond001 at hawaii.rr.com [mailto:beesond001 at hawaii.rr.com]
Sent: Monday, July 30, 2001 9:18 PM
To: Linux & Unix Advocates & Users
Subject: [luau] Help with log analysis please

To all, 

As I was going through some of my logs today I noticed something curious 
and as I began digging deeper, I began to get that sinking feeling. Now, 
I am no expert, and I would sure appreciate it if you guys could help me 
decipher this and tell me if my hunch is correct. My hunch is that the 
following IP addresses have borrowed my computer to try and visit a few 
web sites with... My other hunch is that I should have caught it sooner, 
but that is a different story...

65.34.103.143 - - [30/Jul/2001:01:18:11 -1000] "GET http://www.s3.com/ HTTP/1.1" 404 301
61.144.144.190 - - [19/Jul/2001:00:37:47 -1000] "GET http://www.yahoo.com/ HTTP/1.1" 404 304
61.144.141.144 - - [20/Jul/2001:23:50:25 -1000] "GET http://www.yahoo.com/ HTTP/1.1" 404 304
128.132.37.68 - - [07/Jul/2001:06:42:54 -1000] "GET http://www.mpogd.com/gotm/ HTTP/1.1" 404 309

Now just for grins I ran "last" and no one here was logged in at these 
times. 

Now, I have also noticed a bunch of chicanery in my logs this month, and 
it appears that my firewall has stopped all the stuff I see in 
/var/log/messages. This stuff showed up elsewhere and now I am beginning 
to feel that something a little more is up. 

What I would like is if someone could provide me some tips for figuring 
out how these log entries appeared and what I should do to plug those 
holes. I will be willing to share log files etc, but I don't wish to post 
them to the list a) in their present form, and also b) to save a little 
space on the server. 

Thanks in advance,
Ben 
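
Added example, not part of the original thread: a small Python triage script for access-log entries like the four quoted above, which carry a full URL in the request line (the form a client uses when it treats a server as a forward proxy). The two extra sample lines, the `review`/`not-served` labels and the status-code heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>HTTP/[\d.]+))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# First four lines: the entries quoted in the post, one per line.
# Last two lines: constructed samples (an ordinary request, and a
# proxy-style request that was answered with 200).
SAMPLE = """\
65.34.103.143 - - [30/Jul/2001:01:18:11 -1000] "GET http://www.s3.com/ HTTP/1.1" 404 301
61.144.144.190 - - [19/Jul/2001:00:37:47 -1000] "GET http://www.yahoo.com/ HTTP/1.1" 404 304
61.144.141.144 - - [20/Jul/2001:23:50:25 -1000] "GET http://www.yahoo.com/ HTTP/1.1" 404 304
128.132.37.68 - - [07/Jul/2001:06:42:54 -1000] "GET http://www.mpogd.com/gotm/ HTTP/1.1" 404 309
192.0.2.10 - - [30/Jul/2001:02:00:00 -1000] "GET /index.html HTTP/1.0" 200 1024
192.0.2.11 - - [30/Jul/2001:02:05:00 -1000] "GET http://example.com/ HTTP/1.0" 200 5120
"""

def is_proxy_style(method, target):
    """Proxy-style requests use an absolute URI, or CONNECT host:port."""
    return method == "CONNECT" or re.match(r"[a-z][a-z0-9+.-]*://", target, re.I) is not None

def triage(log_text):
    """Return {client: [(time, target, status, verdict), ...]} for proxy-style hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m or not is_proxy_style(m["method"], m["target"]):
            continue
        status = int(m["status"])
        # Heuristic (assumption): below 400 the server returned some content,
        # so check what it was; 4xx/5xx means it answered with an error.
        verdict = "review" if status < 400 else "not-served"
        hits[m["host"]].append((m["time"], m["target"], status, verdict))
    return dict(hits)

if __name__ == "__main__":
    for client, rows in triage(SAMPLE).items():
        for when, target, status, verdict in rows:
            print(f"{verdict:10} {client:16} {status} {target} [{when}]")
```

All four entries from the post come out as `not-served`: the 404 with a roughly 300-byte body is the server's own error response, not content fetched from the named site.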