Possible Duplicate:
My server's been hacked EMERGENCY
Looking thru my logs, I found this:
(The log files are on that paste).
Question is, this guy began using "all requests allowed" which is...? (Explain it please?) and eventually was making requests from "127.0.0.1" which means he's using my local system?
If anyone can explain this, or help prevent it, I'd like to know, and this would be highly appreciated.
Thanks!
PS: I've since blocked their IP, but what's stopping this from happening again?
Don't panic. As a general advice, before reading logs and trying to get some security-related meaning out of them, be sure to have a sufficiently thorough understanding of what it does mean. Otherwise you end up with a heart attack over too many "dangerously looking" log entries.
What you see is simply Internet background noise - someone trying to pick on your configuration for possible weaknesses. Such "attacks" are usually simply blind attempts to exploit configuration problems or implementation bugs, most of them without any effect. There is absolutely no way to prevent this.
The 127.0.0.1 log entry you see in your original log paste is an entry which has been induced by your own system - most probably not on the behalf of the attacker but through your own actions.
