on a fairly new and unpublicized site, we're getting this in the logs
Type httpd Date Friday, January 21, 2005 - 16:15
User Anonymous Location http://hpcgi1.nifty.com:80/trino/ProxyJ/prxjdg.cgi
Message 404 error: trino/ProxyJ/prxjdg.cgi not found. Hostname 211.200.8.200
several times a day, these show up as often as one or more a minute, but are sometimes a couple minutes apart.
nifty.com is apparently a Japanese ISP, based on a few scattered English words on their site.
has anyone seen this on their sites? is this something targeted specifically at Drupal?
Thanks, Andrew
------------------------------------------------- Andrew Michael Cohill, Ph.D. Information architect
Design Nine provides technology master planning services, community network planning, technology audits, and telecommunications project management to communities and organizations trying to make wise technology and telecommunications expenditures. Design Nine represents the interests of the organization or community, rather than the interests of vendors.
Visit the Design Nine News page for frequently updated news and commentary on technology issues. http://www.designnine.com/news/
Design Nine, Inc. http://www.designnine.com/ Blacksburg, Virginia Voice: 540.951.4400 Cell: 540.320.4406
has anyone seen this on their sites? is this something targeted specifically at Drupal?
This is definitely not targeted at Drupal, so nothing to worry about. I've seen tons of weird stuff in my logs, usually they are either spammers (trying to put their URL inside my referrer stats which might be spidered by search engines) or viruses/exploits trying to exploit Microsoft IIS. There are no known Drupal exploits, though we did fix a Javascript/XSS validation error in our last release (see the 4.5.2 announcement).
Steven Wittens
Hi,
I am not very familiar with the system. But I have the same problems with a an ISP from the Netherlands and from the USA. On the website in the second case there is website and it´s seems to be that the owner didn´t pay this provider.
Albrecht
-- orthoPoint Germany http://www.orthoPoint.com
Albrecht Marignoni Weststrasse 49 D - 59065 Hamm
tel: 0049 - 2381 - 49 20 12 fax: 0049 - 2381 - 49 20 13
Read my Blog http://www.orthopoint.de/drupal/?q=blog/1 English and German
----- Original Message ----- From: "Andrew Cohill" cohill@designnine.com To: drupal-support@drupal.org Sent: Friday, January 21, 2005 5:55 PM Subject: [drupal-support] hackers? dumb bots?
on a fairly new and unpublicized site, we're getting this in the
logs
Type httpd Date Friday, January 21, 2005 - 16:15
User Anonymous Location http://hpcgi1.nifty.com:80/trino/ProxyJ/prxjdg.cgi
Message 404 error: trino/ProxyJ/prxjdg.cgi not found. Hostname 211.200.8.200
several times a day, these show up as often as one or more a minute, but are sometimes a couple minutes apart.
nifty.com is apparently a Japanese ISP, based on a few scattered English words on their site.
has anyone seen this on their sites? is this something targeted specifically at Drupal?
Thanks, Andrew
Andrew Michael Cohill, Ph.D. Information architect
Design Nine provides technology master planning services, community network planning, technology audits, and telecommunications project management to communities and organizations trying to make wise technology and telecommunications expenditures. Design Nine
represents
the interests of the organization or community, rather than the interests of vendors.
Visit the Design Nine News page for frequently updated news and commentary on technology issues. http://www.designnine.com/news/
Design Nine, Inc. http://www.designnine.com/ Blacksburg, Virginia Voice: 540.951.4400 Cell: 540.320.4406
-- [ Drupal support list | http://lists.drupal.org/ ]
Hi,
A while ago I started a site, on a domain that was abandoned only a short while before I started my site. My logs filled up with spiders and ppl looking for the old pages.
Might be the case here too, allthough Stevens possibilies are more likely.
Looks like it's a test program for seeing if a proxy you are using is truly anonymous. If you google for that URL, you'll see tons of people reporting the same thing for that particular site.
ProxyJudge is here: http://proxyjudge.org/
and the url for that nifty.com address is listed here: http://web.freerk.com/proxyjudge/prxjdg.htm
Now, what's strange is that it appears that ProxyJudge isn't an open proxy web spider, which would be looking for an open Squid proxy or similar running on your site. I originally thought it was. My guess is that someone mistyped the IP address in a script - the IP for the nifty.com site is: http://61.121.100.107/trino/ProxyJ/prxjdg.cgi
Could your site's IP be similar? My other guess is that someone on that server or the local subnet the server is on is hitting that site trying to see if you are running a proxy. If so that could be a sign of a problem, since someone looking for a proxy between themselves and a remote server is probably trying to do something bad/illegal.
In any event there's nothing to worry about unless you are running an open proxy on your site, in which case you probably have bigger problems than this little script. :)
Good luck!
- Todd
Andrew Cohill wrote:
on a fairly new and unpublicized site, we're getting this in the logs
Type httpd Date Friday, January 21, 2005 - 16:15
User Anonymous Location http://hpcgi1.nifty.com:80/trino/ProxyJ/prxjdg.cgi
Message 404 error: trino/ProxyJ/prxjdg.cgi not found. Hostname 211.200.8.200
several times a day, these show up as often as one or more a minute, but are sometimes a couple minutes apart.
nifty.com is apparently a Japanese ISP, based on a few scattered English words on their site.
has anyone seen this on their sites? is this something targeted specifically at Drupal?
Thanks, Andrew
Andrew Michael Cohill, Ph.D. Information architect
Design Nine provides technology master planning services, community network planning, technology audits, and telecommunications project management to communities and organizations trying to make wise technology and telecommunications expenditures. Design Nine represents the interests of the organization or community, rather than the interests of vendors.
Visit the Design Nine News page for frequently updated news and commentary on technology issues. http://www.designnine.com/news/
Design Nine, Inc. http://www.designnine.com/ Blacksburg, Virginia Voice: 540.951.4400 Cell: 540.320.4406
-
Albrecht Marignoni -
Andrew Cohill -
Bèr Kessels -
Steven Wittens -
Todd Dailey