httpd-users mailing list archives

From "Chris Cioffi" <ot...@stopthesanity.org>
Subject [users@httpd] Help: Getting HUGE number of hits from wrong sites
Date Wed, 28 Aug 2002 22:24:15 GMT
Hi there,

I've been monitoring my access logs for the last several days and have
noticed that I get a HUGE number (20k+/day) of page requests for domains
that have nothing to do with me.

Most of the sites are pr0n related.  I've gone through the DNS records with
dig and I can't figure out why the requests are being sent to me.

Here's a sample line:
stopthesanity.org 24.90.155.12 - - \
    [28/Aug/2002:17:55:14 -0400] \
    "GET http://www.southern-charms.com/accalia/private/members.htm HTTP/1.0" \
    404 221 "http://anonymous:nobody@nowhere.com@www.southern-\
    charms.com/accalia/private/members.htm" \
    "Mozilla/4.72 ( compatible; MSIE 4.0; Windows NT5.0; DigiExt )"

The requesting IP isn't related to anything on my or my ISP's network
(64.83.*) and dig gives the following southern-charms.com report:

; <<>> DiG 8.3 <<>> southern-charms.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      southern-charms.com, type = A, class = IN

;; ANSWER SECTION:
southern-charms.com.    6d15h30m39s IN A  64.159.87.117

;; AUTHORITY SECTION:
southern-charms.com.    5h33m43s IN NS  NS1.CANDIDHOSTING.com.
southern-charms.com.    5h33m43s IN NS  NS2.CANDIDHOSTING.com.

;; ADDITIONAL SECTION:
NS1.CANDIDHOSTING.com.  11h45m58s IN A  64.159.90.4
NS2.CANDIDHOSTING.com.  11h45m58s IN A  64.159.90.10

;; Total query time: 30 msec
;; FROM: discord.stopthesanity.org to SERVER: default -- 127.0.0.1
;; WHEN: Wed Aug 28 18:19:20 2002
;; MSG SIZE  sent: 37  rcvd: 135

I've done dozens of digs on various domains.  It's not just coming from a
single hosting company.

If it helps, I've also run an error log report from ScanErr.  It reports
many thousands (100k+) of proxy errors over the last month.  Could this be
caused by a misconfigured proxy server?  Does anyone know of a way I might
backtrack to where this is coming from?

TIA.  This is really cutting into my bandwidth and since I only have a 384k
DSL line I'd like to resolve this issue.  As a last resort I'm considering
requesting new IPs from my ISP, but that would be *very* disruptive.  (I not
only host my own stuff, but I do DNS and mail backup for a few other
companies.)

Chris
--
Chris <chris@stopthesanity.org>
  Junior Birdman(TM) in training
  http://stopthesanity.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
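
Added example, not part of the original message: the request line in the sample log entry carries an absolute URI (`GET http://...`), the form a client sends to a proxy, so the sketch below tallies such requests per client IP, per requested host and per response status. The function name `foreign_proxy_requests`, the set of local host names and every sample line except the first are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Field layout of the sample line in the post: vhost, client IP, ident, user,
# [timestamp], "request line", status, bytes (referer and agent are ignored).
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def foreign_proxy_requests(lines, local_hosts):
    """Tally proxy-form requests that name a host this server does not serve."""
    local = {h.lower() for h in local_hosts}
    by_client, by_target, by_status = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected layout
        method, target = m["method"], m["target"]
        try:
            if method == "CONNECT":          # authority-form: host:port
                host = target.rsplit(":", 1)[0]
            elif "://" in target:            # absolute-form: scheme://host/path
                host = urlsplit(target).hostname or ""
            else:
                continue                     # origin-form ("/path"): ordinary request
        except ValueError:
            continue                         # malformed URL in the request line
        host = host.lower()
        if host and host not in local:
            by_client[m["ip"]] += 1
            by_target[host] += 1
            by_status[int(m["status"])] += 1
    return by_client, by_target, by_status

# First entry is the sample line from the post, unwrapped; the rest are constructed.
SAMPLE = [
    'stopthesanity.org 24.90.155.12 - - [28/Aug/2002:17:55:14 -0400] "GET http://www.southern-charms.com/accalia/private/members.htm HTTP/1.0" 404 221 "http://anonymous:nobody@nowhere.com@www.southern-charms.com/accalia/private/members.htm" "Mozilla/4.72 ( compatible; MSIE 4.0; Windows NT5.0; DigiExt )"',
    'stopthesanity.org 192.0.2.7 - - [28/Aug/2002:17:55:20 -0400] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"',
    'stopthesanity.org 192.0.2.9 - - [28/Aug/2002:17:56:02 -0400] "GET http://stopthesanity.org/ HTTP/1.0" 200 1043 "-" "Mozilla/4.0"',
    'stopthesanity.org 198.51.100.3 - - [28/Aug/2002:17:56:40 -0400] "CONNECT mail.example.net:25 HTTP/1.0" 405 300 "-" "-"',
    'stopthesanity.org 24.90.155.12 - - [28/Aug/2002:17:57:01 -0400] "GET http://www.example.org/a.htm HTTP/1.0" 404 221 "-" "Mozilla/4.72"',
]

if __name__ == "__main__":
    clients, targets, statuses = foreign_proxy_requests(SAMPLE, {"stopthesanity.org"})
    print(clients.most_common(), targets.most_common(), statuses.most_common())
```

The status tally separates requests the server refused or failed (the 404 in the sample line) from any that returned a success code, which are the ones to review first.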

