unusual http access in proxy log

From: Martin K. Lee - XML Consulting (martin.lee@xmlconsulting.com.au)
Date: 01/23/03

  • Next message: Jason Coombs: "RE: Hacked web server" 
    Date: Thu, 23 Jan 2003 17:09:58 +1100
From: "Martin K. Lee - XML Consulting" <martin.lee@xmlconsulting.com.au>
To: "Martin K. Lee - XML Consulting" <martin.lee@xmlconsulting.com.au>

     
    All,
     
    While I was checking a client's proxy log file, I found thousands of
    http access from a few hosts to the follow URL:
    http://www.instituto.com.br/attackDoS.php?ver=01&task=newzad&first=1
     
    Has anyone seen this before? I did a search in google and it seems like
    it exists in quite a lot of proxy log.

    Regards,
    Martin K. Lee
    Senior Consultant
    martin.lee@xmlconsulting.com.au
    PGP Fingerprint: DD34 4218 6D6E BB26 2D2C F596 DE8A 58A8 C128 BCD1

    Disclaimer:
    The information in this electronic mail message is private and
    confidential, and only intended for the addressee. Should you
    receive this message by mistake, you are hereby notified that
    any disclosure, reproduction, distribution or use of this message
    is strictly prohibited. Please inform the sender by reply transmission
    and delete the message without copying or opening it.

    Messages and attachments are scanned for all viruses known.
    If this message contains password-protected attachments, the
    files have NOT been scanned for viruses by the XML Consulting
    mail domain.

    Always scan attachments before opening them.

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com