log entry .. hacker?

[Tracey]

hi

perusing my logs, i find this entry in access.log

adsl-62-167-201-122.adslplus.ch - - [14/Oct/2003:07:17:53 +1300] "OPTIONS * HTTP/1.0" 403 321 "-" "-"

and corresponding error.log entry

[Tue Oct 14 07:17:53 2003] [error] [client 62.167.201.122] (20025)Error string not specified yet: access to * failed

is this a hacker?



Tracey
Remember... True happiness is not getting what you want...

Its wanting what you have got!

 

[jpl931]

Probably someone snooping looking for an open port. I get them sometimes also.

 

[tarn]

Like "jpl931" says its probably someone looking for weeknesses so that they can attempt an attack or exploit your server in some way.

This is the result they would have seen (on one of my local test servers [un-patched]) after a telnet to port 80 on your server and issuing that command:

HTTP/1.1 200 OK
Date: Tue, 21 Oct 2003 19:49:37 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b DAV/1
.0.2 PHP/4.0.6 mod_perl/1.24_01
Content-Length: 0
Allow: GET, HEAD, OPTIONS, TRACE
Connection: close

Connection to host lost.

Be sure you are up to date with all security patching.

Good Luck,
Laurie.