• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

a horde bug???

E

euro_gedimas

Guest
YEsterdays my access_log a full of theses lines:


ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:02 +0200] "GET /imp/login.php/ HTTP/1.1" 200 2849 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:02 +0200] "GET / HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:04 +0200] "GET /login.php?Horde3=bacf0c673f4e6844ef65c5cec9794178 HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:04 +0200] "GET /js/horde.js?Horde3=4bb5e6dbd33f7cee76e01260e70a26c2 HTTP/1.1" 200 7084 "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:04 +0200] "GET /imp/login.php HTTP/1.1" 200 2799 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /js/enter_key_trap.js?Horde3=4bb5e6dbd33f7cee76e01260e70a26c2 HTTP/1.1" 200 479 "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /imp/themes/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /imp/themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /js/horde.js HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/graphics/horde-power1.png HTTP/1.1" 304 - "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /js/enter_key_trap.js HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:05 +0200] "GET /themes/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /imp/themes/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /imp/themes/bluewhite/screen.css HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:11:06 +0200] "GET /themes/graphics/horde-power1.png HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:37 +0200] "GET / HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /login.php?Horde3=00356d2f4fab302e39b46bde7cc92edc HTTP/1.1" 302 26 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:37 +0200] "GET /imp/login.php/ HTTP/1.1" 200 2850 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /imp/login.php HTTP/1.1" 200 2799 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /js/horde.js?Horde3=5c7ea842141dfb215791465c04a39f10 HTTP/1.1" 200 7084 "http://webmail.worldconnect.lt/imp/login.php/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
ctv-213-164-109-186.vinita.lt - - [28/Jan/2007:12:14:38 +0200] "GET /js/horde.js HTTP/1.1" 304 - "http://webmail.ilnatele.lt/imp/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
Click to expand...

Is it normal? Or there was a horde exploit? :confused: Because it was connecting from different IPT's, and to different domains.
 
You must log in or register to reply here.

Similar threads

J
Issue Default plesk-apache-badbot fail2ban doesn't work
2
Replies
21
Views
7K
Kaspar
K
T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
4K
Bitpalast
Bitpalast
M
Question Has my site been attacked?
Replies
8
Views
2K
Peter Debik
P
Azurel
Question unzip access_ssl_log not working as expected
Replies
0
Views
570
Azurel
Azurel
R
Resolved Huge attack on my server from china
Replies
3
Views
12K
rezouali95
R
Back
Top