• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

a horde bug???

E

euro_gedimas

Guest
YEsterdays my access_log a full of theses lines:


ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:02 +0200] "GET /imp/login.php/ HTTP/1.1" 200 2849 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:02 +0200] "GET / HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:04 +0200] "GET /login.php?Horde3=bacf0c673f4e6844ef65c5cec9794178 HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:04 +0200] "GET /js/horde.js?Horde3=4bb5e6dbd33f7cee76e01260e70a26c2 HTTP/1.1" 200 7084 "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:04 +0200] "GET /imp/login.php HTTP/1.1" 200 2799 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /js/enter_key_trap.js?Horde3=4bb5e6dbd33f7cee76e01260e70a26c2 HTTP/1.1" 200 479 "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /imp/themes/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /imp/themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /js/horde.js HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/graphics/horde-power1.png HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /js/enter_key_trap.js HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /imp/themes/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /imp/themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /themes/graphics/horde-power1.png HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:37 +0200] "GET / HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /login.php?Horde3=00356d2f4fab302e39b46bde7cc92edc HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:37 +0200] "GET /imp/login.php/ HTTP/1.1" 200 2850 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /imp/login.php HTTP/1.1" 200 2799 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /js/horde.js?Horde3=5c7ea842141dfb215791465c04a39f10 HTTP/1.1" 200 7084 "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /js/horde.js HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"

Is it normal? Or there was a horde exploit? :confused: Because it was connecting from different IPT's, and to different domains.
 
Back
Top