httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zac Stevens <burri...@cryptocracy.com>
Subject Re: authenticated users in logs yet they don't exist
Date Fri, 24 May 2002 07:55:44 GMT
Hi Jason,

On Fri, May 24, 2002 at 01:43:44AM -0600, Jason wrote:
> I'm having an authenticated username 'toto' appear in my logs that simply
> doesn't exist on my server.  There are no .htaccess files with that username
> and I have no groups being used (I did a recursive grep to double check).
> It just looks like they are in public areas but I'm stumped after 4 days of
> digging to figure out how my server authenticated that username.
> 
> Would a username from a visitors previous page (before coming to my server)
> still carry with it the username?

It shouldn't, but a link to your site of the form
"http://user@www.yourdomain.com/" would do it.  This could also be the
signature of some form of web crawler, or broken client doing exactly what
you describe above.  If you're interested in tracking it further, you might
want to see if you can correlate the entries with a particular client IP
address, referer, or user agent.

In any event, it isn't really anything worth worry about - in my humble
opinion, anyway.

HTH,

Zac


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message