
I was running `python -m http.server`, which is just a simple HTTP server, so I could transfer a file. While my server was up (on a public-facing port) it received the following:

```
93.174.93.136 - - [22/Aug/2016 23:09:24] code 404, message File not found
93.174.93.136 - - [22/Aug/2016 23:09:24] "GET http://www.baidu.com/cache/global/img/gs.gif HTTP/1.1" 404
```

What was happening here? I assume it was some sort of hacking attempt - though I'm not sure if it was directed at me, or at someone else.

Wayne Werner
  • Honestly, that looks like nothing more than the usual noise all web servers get. – Alexander O'Mara Aug 24 '16 at 03:26
  • Typical scan which looks for hosts which can be misused as open proxy. – Steffen Ullrich Aug 24 '16 at 04:02
  • I wouldn't have guessed it's a "primarily opinion-based question", but from the comments it looks so... – techraf Aug 24 '16 at 04:18
  • No it is not a hacking attempt, someone was trying to GET an image which was not placed on your server, so got 404 instead of 200. So common. If it was a POST request, you may have had to worry since it won't log anything, but not for this one. HTTP/1.1 is for version, you can learn how it works if you try to get the header of a site by telnetting to it. So be happy, and enjoy the rest of your week. –  Aug 24 '16 at 04:37
  • @FarazX Please don't answer the question in the comments section. If you want to answer, use an answer field. – techraf Aug 24 '16 at 04:50
  • @FarazX even though I'm serving on a non-standard port? Seems suspicious – Wayne Werner Aug 24 '16 at 04:51
  • @techraf not a serious question, and is marked as duplicate so ... I just wanted to help the OP to understand what is going on. –  Aug 24 '16 at 04:55
  • @WayneWerner No worry mate, it's just a simple GET request, no SQL Injection, no File Inclusion, nothing. –  Aug 24 '16 at 04:57
  • While this looks like a harmless scan, I am a bit surprised that ``http://www.baidu.com/`` requests are reaching the OP's server. Or am I missing something here? – RedBaron Aug 24 '16 at 05:21
  • @RedBaron that was what piqued my curiosity - it looks like they connected to my IP:8181, then they produced maybe `GET http://www.baidu.com/cache/global/img/gs.gif HTTP/1.1`? Very strange. – Wayne Werner Aug 24 '16 at 13:12
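
The scan described in the comments (a request for a third-party URL, looking for hosts usable as an open proxy) can be picked out of `http.server` logs by the form of the request target. This is an added example, not part of the original post; the function names, the host name `files.example.net` and every sample line other than the two quoted in the question are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# http.server request line: ip - - [timestamp] "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def is_proxy_style(method, target, own_hosts=frozenset()):
    """True when the request target is one that only a proxy is meant to serve."""
    if method == "CONNECT":
        return True                       # tunnel request, target is host:port
    parts = urlsplit(target)
    if parts.scheme in ("http", "https") and parts.hostname:
        # Absolute-form URI. Clients may legitimately send it with our own
        # host name, so only a foreign host counts as a proxy probe.
        return parts.hostname.lower() not in own_hosts
    return False                          # ordinary origin-form path

def find_proxy_probes(lines, own_hosts=frozenset()):
    """Return one dict per proxy-style request found in the log lines."""
    probes = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_proxy_style(m["method"], m["target"], own_hosts):
            status = int(m["status"])
            probes.append({"ip": m["ip"], "time": m["ts"], "target": m["target"],
                           "status": status,
                           # 2xx/3xx means the server answered the foreign URL: investigate
                           "answered": status < 400})
    return probes

# The first two lines are the ones quoted in the question; the rest are constructed.
SAMPLE_LOG = [
    '93.174.93.136 - - [22/Aug/2016 23:09:24] code 404, message File not found',
    '93.174.93.136 - - [22/Aug/2016 23:09:24] "GET http://www.baidu.com/cache/global/img/gs.gif HTTP/1.1" 404',
    '192.0.2.10 - - [22/Aug/2016 23:01:02] "GET /backup.tar.gz HTTP/1.1" 200 -',
    '198.51.100.7 - - [22/Aug/2016 23:15:40] "CONNECT example.com:443 HTTP/1.1" 501 -',
    '192.0.2.10 - - [22/Aug/2016 23:20:11] "GET http://files.example.net:8181/backup.tar.gz HTTP/1.1" 404 -',
]

if __name__ == "__main__":
    for p in find_proxy_probes(SAMPLE_LOG, own_hosts={"files.example.net"}):
        print(p["ip"], p["time"], p["target"], p["status"],
              "answered" if p["answered"] else "refused")
```

For the request in the question the result is one probe with status 404 and `answered` false: the server looked for a local file by that name and relayed nothing.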
