我调查了我的 Lighttpd 访问日志,发现下面列出了一些奇怪的事情。我不知道它是好是坏,但是熊熊?我从来没有或这些网站我只将我的 Centos 用于网站托管。你能帮我理解这些日志吗?
87.219.0.18 download.bearshare.com - [26/Sep/2009:12:41:37 +0200] "GET http://download.bearshare.com/BSInstall.exe HTTP/1.0" 404 345 "-" "Mozilla/3.0 (compatible)"
87.219.17.44 proxyworld.ifrance.com - [26/Sep/2009:20:13:53 +0200] "GET http://proxyworld.ifrance.com/azenv.php HTTP/1.1" 404 345 "http://proxyworld.ifrance.com/azenv.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
87.219.17.44 proxyworld.ifrance.com - [26/Sep/2009:20:44:12 +0200] "GET http://proxyworld.ifrance.com/azenv.php HTTP/1.1" 404 345 "http://proxyworld.ifrance.com/azenv.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
118.168.162.245 - - [27/Sep/2009:12:43:58 +0200] "CONNECT 220.132.13.98:25 HTTP/1.0" 501 357 "-" "-"
125.224.203.130 203.188.201.253:25 - [28/Sep/2009:00:28:09 +0200] "CONNECT 203.188.201.253:25 HTTP/1.1" 501 357 "-" "-"
69.46.23.47 174.34.157.98 - [28/Sep/2009:23:48:54 +0200] "GET http://174.34.157.98/proxychecker/check.cgi?action=getinfo HTTP/1.1" 404 345 "http://www.google.com/search?hl=ru&q=free+proxy+checker&sourceid=navclient-ff&ie=UTF-8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
125.224.203.130 203.188.201.253:25 - [28/Sep/2009:23:58:14 +0200] "CONNECT 203.188.201.253:25 HTTP/1.1" 501 357 "-" "-"
124.133.252.204 www.yahoo.com - [29/Sep/2009:10:25:59 +0200] "GET http://www.yahoo.com/ HTTP/1.1" 200 1953 "-" "Mozilla/5.0 (compatible; MSIE 5.01; Win2000)"
124.11.136.231 72.14.221.111:25 - [29/Sep/2009:14:59:51 +0200] "CONNECT 72.14.221.111:25 HTTP/1.1" 501 357 "-" "-"
125.224.197.97 203.188.201.253:25 - [01/Oct/2009:01:30:56 +0200] "CONNECT 203.188.201.253:25 HTTP/1.1" 501 357 "-" "-"
似乎有人试图将您的 lighttpd 服务器用作代理服务器。这意味着他们会连接到您并要求您代表他们获取网页或下载文件,然后透明地将其发回给他们。人们这样做的常见原因:
正如 404 和 501 HTTP 代码所示,您正在阻止其中的大多数。但是,从 124.133.252.204 到 yahoo.com 的连接给出了 200 代码,表示成功。您绝对应该检查您的 lighttpd 配置并确保mod_proxy被限制或禁用(除非您打算提供免费代理服务)。