1
Cuidiu
Help with strange log entry - possible hacking?
  • 2007/5/22 17:37

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


I got the following entry in my access log. The host is not helpful at all! Would someone please tell me if this kind of entry is an attempt to hack somehow? Notice the IP address 127.0.0.1 - and there is no foo.jpg in my images folder.

127.0.0.1 - - [01/May/2007:02:00:00 -0500] "GET /images/foo.jpg HTTP/1.0" 200 6429 "http://www.foo.com/" "Mozilla/4.03 [en] (Win95; I ;Nav)"

What should I do?

EDITED TO ADD:

I notice this in my Protector settings for the default "Reliable IPs": ^192.168.|127.0.0.1

I do not test from home computer, should both those IPs be included? I'm not sure what they are there for, would someone please explain?

Thanks,

Cuidiu
Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)

2
JMorris
Re: Help with strange log entry - possible hacking?
  • 2007/5/22 18:07

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


127.0.0.1 is localhost, meaning the computer the site is hosted on. If you take out that IP, scripts on the site that you want to run may end up getting blocked.

^192.168. is a non-routable subnet, meaning this is for Local Area Networks. Often, a hosting provider will place a large collection of servers behind a NAT firewall to help prevent port-based hacks. Again, don't remove that address, as it may break things if you do.

As far as the access attempt goes, that looks spoofed. In other words, someone is hiding their real IP and User Agent (browser).

It looks as though they are just sniffing around. They are trying to see if you have fancy indexing turned on.

Make sure your modules are up to date, Protector is installed and configured properly, and your files and folders are chmod'ed as restrictively as functionally possible. Also make sure you have an index.html in all writable folders with the following code in it:

<script>history.go(-1);</script>


For added protection, either turn off indexing through cPanel (if you have it), or add this .htaccess file to your site:

Options -Indexes


HTH
Insanity can be defined as "doing the same thing over and over and expecting different results."

Stupidity is not a crime. Therefore, you are free to go.
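
An added example, not part of the original thread or of Protector: a small log review script that parses Apache combined-format lines like the one quoted in the first post and lists every request whose logged client address is loopback (127.0.0.0/8) or in an RFC 1918 private range such as 192.168.0.0/16, so they can be checked against known local jobs. The names `classify`, `review` and `SAMPLE_LOG` are hypothetical, and every sample line except the first is constructed.

```python
import ipaddress
import re

# Apache "combined" log format, matching the entry quoted in the first post.
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# RFC 1918 private ranges; 192.168.0.0/16 is the one in the "Reliable IPs" default.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(host):
    """Return 'loopback', 'private', 'public' or 'hostname' for a logged client."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"          # field holds a resolved name, not an address
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def review(lines):
    """Return the parsed entries whose client address is loopback or private."""
    flagged = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue               # skip lines that are not combined format
        source = classify(m["host"])
        if source in ("loopback", "private"):
            method, _, rest = m["request"].partition(" ")
            flagged.append({
                "source": source, "host": m["host"], "time": m["time"],
                "method": method, "path": rest.rsplit(" ", 1)[0],
                "status": int(m["status"]), "referer": m["referer"],
                "agent": m["agent"],
            })
    return flagged

SAMPLE_LOG = [
    # First line is the entry from the post; the rest are constructed samples.
    '127.0.0.1 - - [01/May/2007:02:00:00 -0500] "GET /images/foo.jpg HTTP/1.0" 200 6429 "http://www.foo.com/" "Mozilla/4.03 [en] (Win95; I ;Nav)"',
    '203.0.113.9 - - [01/May/2007:02:00:07 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.168.1.20 - - [01/May/2007:02:01:13 -0500] "GET /modules/news/ HTTP/1.1" 200 812 "-" "Wget/1.10.2"',
]

if __name__ == "__main__":
    for entry in review(SAMPLE_LOG):
        print(entry["source"], entry["time"], entry["method"], entry["path"], entry["status"])
```
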

3
Cuidiu
Re: Help with strange log entry - possible hacking?
  • 2007/5/22 18:49

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Thank you JMorris for that detailed explanation! Very helpful! I just upgraded this morning to the most recent Protector and have already employed the other methods you suggest so it looks like I'm doing about as much as possible. Thank you again.

Cuidiu
