Strange GET requests in logs

logging

I'm getting the following GET requests in my apache logs:

109.230.251.14 - - [29/Mar/2011:16:28:18 +0100] "GET http://209.191.92.114/config/pwtoken_get?login=jackmcphee232&src=ygodgw&passwd=e59e2240415e6f1aba3da72b8f189f4e&challenge=9TbU_9yfZhKmzlHtK9X4OkQlesTH&md5=1 HTTP/1.0" 404 1226 "-" "-"

Any idea what it could be and how is that possibly a get request? That IP address seems to point to Yahoo! I'm very confused.


I had the same issue. After a long search I found this wiki article that explains what's going on pretty well.

http://wiki.apache.org/httpd/ProxyAbuse


Sadly, it's just one of the many automated vulnerability tests constantly peppering web servers these days.

Related

What rule can I use in ModSecurity to log POST payload for a specific site?
FTP Active vs passive mode
Migrate from Exchange 2010 to Exchange 2016
DNS resolve timeout on RHEL 6.3 behind firewall
Is it possible to add a local user to the admins group through group policy?
bind9 in a chroot jail - necessary or not?
How can we open our firewall to allow Google Analytics?
Testing nameserver configuration using it
Possibility of WAN Optimization for SSH traffic
Is there a sensible way of 'teaming' two ADSL connections?
postfix discard or change Message-ID header based on another header line
IIS 6 - Setting up 301 redirect for non-www to www for SEO