Is this a hack attempt?

[Newposter]

[19/Sep/2003:17:44:57 -0400] "GET / HTTP/1.1" 412 327
[19/Sep/2003:17:44:57 -0400] "GET / HTTP/1.1" 304 -[19/Sep/2003:17:44:58 -0400] "GET / HTTP/1.1" 206 7772

If so, what vulnerability is it trying to exploit, and how can I protect against it?

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."

 

[tarn]

No its probably not an attempt to hack your server basicaly a client machine somewhere is attempting to see your default page.

You can produce the exact same thing with:

telnet

http://www.yourhost.com

80
then you get a flashing cursor ...
type GET and hit return and you get the following back:

<!DOCTYPE HTML PUBLIC &quot;-//IETF//DTD HTML 2.0//EN&quot;>
<HTML><HEAD> <TITLE>302 Found<TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF=&quot;

http://www.yourhost.com/&quot;>here</A>.<P>

</BODY></HTML>
Connection to host lost.

Well something like that, and then you will see what you described in your posting in the log file.

So basically its a &quot;simple&quot; client request to your server.

Laurie.