[CentOS] semi OT: logwatch results

Fri Jul 18 16:13:39 UTC 2008
Robert - elists <lists07 at abbacomm.net>

Semi Off Topic

My searching hasn't found what I consider superior info, and we are
wondering from others experience on this list...

In the logwatch results we all see the info below on almost a daily basis

I have taken the liberty of combining logwatch results from centos 4 and 5
machines for extra info and future searchability

-----
Centos 4
-----

--------------------- httpd Begin ------------------------

GET http://scifi.pages.at/myproxies/azenv.php HTTP/1.1 with response code(s)
404 1 responses

GET http://thecric.free.fr/AZenv/azenv.php HTTP/1.1 with response code(s)
404 1 responses

-----
Centos 5
-----

--------------------- httpd Begin ------------------------ 

 Requests with error response codes

       http://scifi.pages.at/myproxies/azenv.php: 2 Time(s)
       http://thecric.free.fr/AZenv/azenv.php: 2 Time(s)

  GET http://scifi.pages.at/myproxies/azenv.php HTTP/1.1 with response
code(s) 404 3 responses

  GET http://thecric.free.fr/AZenv/azenv.php: 2 Time(s) HTTP/1.1 with
response code(s) 404 3 responses


Is it like people are setting up servers to do advertising in our logs while
looking for some vulnerabilities?

Thanks in advance for your insight...  :-)

 - rh