I hope this is the right forum. I've been reviewing the access logs for the base IP on my server (at which I have only an error page configured, not a working site) and I see three entries that concern me (all of them occur numerous times in the last few days):
18.104.22.168 - - [07/May/2003:20:12:25 -0500] "GET http://www.sina.com.cn/ HTTP/1.1" 200 531 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
22.214.171.124 - - [12/May/2003:15:15:15 -0500] "GET http://www.ebay.com/ HTTP/1.1" 200 531 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
126.96.36.199 - - [17/May/2003:17:50:30 -0500] "GET / HTTP/1.0" 200 531 "-" "check_http/188.8.131.52 (nagios-plugins 1.3.0-alpha1)"
Now as far as the last one, it seems that nagios-plugins is server monitoring software, which I don't have installed. So I assume this is some wannabe crackers scanning my ports or something, but my system is pretty tight so I'm not too concerned about that. If I'm wrong, let me know.
What I'm confused about are the first two. These are requests for sina.com.cn and ebay.com via my server. The bytes delivered is 531, which tells me the server only served up my error index page (which is exactly that size), but the Apache code 200 tells me the request was successful.
What am I missing here? How can someone access a 3rd party domain and have a successful http connection in MY Apache log? And why would they want to?