Rogue site checking my store?

[carloscanas]

I was checking my server logs today to find out why mysql tables keep losing orders. I found this entry in my logs:

 

GET http://www.booood.com/proxy.php

 

When I went to the site I get the following:

 

HTTP_PROXY_CONNECTION:

HTTP_X_FORWARDED_FOR:

HTTP_VIA:

HTTP_MAX_FORWARDS:

REMOTE_ADDR=70.180.100.44

REMOTE_HOST=

HTTP_PC_REMOTE_ADDR=

HTTP_X_FWD_IP_ADDR=

HTTP_CONNECTION=

VIA:

HTTP_FORWARDED:

FORWARDED:

HTTP_X_BLUECOAT_VIA:

HTTP_PROXY____:

HTTP_PROXY___________:

HTTP_X_HOST:

HTTP_X_REFERER:

HTTP_X_SERVER_HOSTNAME:

PROXY_HOST:

PROXY_PORT:

PROXY_REQUEST:

HTTP_CLIENT_IP:

HTTP_PRAGMA:

super or gateway or noproxy

Level:1

?????=????????

????????1=????????

?????=????????

 

I do not exactly know what this means and I proceeded to modify my firewall to deny access to anything comming from this site. I'll apreciate if anyone can shed some light on this.

 

Carlos :'(

[Dutch317]

Not an expert but it looks to be a server acting as a proxy analyzer. Poss someone trying to access your server. It looks like they have been shut down now. You could do a whois check on the domain name and email the owner, could be that he was hacked and someone put a proxy server/proxy analyzer up on his machine.

If it was the case it may have put a heavy conection load on your sql server.