httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "R'twick Niceorgaw" <pub...@utkalika.net>
Subject Re: [users@httpd] any way to stop these ?
Date Tue, 14 Jan 2003 17:00:36 GMT
Thanks Thomas.
how can I be so stupid and forget about google!

It seems they are not doing much harm. I'm not sure though why would they
look for any real media content on my server.

R'twick
----- Original Message -----
From: "Thomas Bolioli" <info@terranovum.com>
To: <users@httpd.apache.org>
Sent: Tuesday, January 14, 2003 11:43 AM
Subject: Re: [users@httpd] any way to stop these ?


> Actually I just googled for the prefix string and it appears to be Real
> Player behind a firewall.
>
http://www.google.com/search?q=SmpDsBhgRl&sourceid=mozilla-search&start=0&st
art=0&ie=utf-8&oe=utf-8
> Tom
>
> Thomas Bolioli wrote:
>
> > Definitely intriguiing. SmpDsBhgRl seems to prefix the GETs while the
> > POSTS are just that (SmpDsBhgRl) for the URIrequest. If you notice
> > what follows is possibly encoded info. Anyone have a spare cycle to
> > decode a few of those strings and post them (ie write a quick perl
> > script)? This may be just be innocent but the pattern of two GETs and
> > a POST is definitely suspicious.
> > Tom
> >
> > R'twick Niceorgaw wrote:
> >
> >> Here are some form access_log
> >> Do they make any sense ?
> >>
> >> 203.94.195.170 - - [14/Jan/2003:10:00:27 -0500] "GET
> >> /SmpDsBhgRlb0b583ef-145f-40e8-8056-e42539b613fd HTTP/1.0" 404 304
> >> 202.156.2.42 - - [14/Jan/2003:10:00:57 -0500] "GET
> >> /SmpDsBhgRl47f52765-447c-4ba7-bd3d-4c42d8e50dd1 HTTP/1.0" 404 311
> >> 203.94.195.170 - - [14/Jan/2003:10:02:53 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.0"
> >> 404 268
> >> 202.156.2.42 - - [14/Jan/2003:10:02:59 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.0"
> >> 404 275
> >> 203.94.195.170 - - [14/Jan/2003:10:05:30 -0500] "GET
> >> /SmpDsBhgRl66f52d87-f82d-427d-a0ce-65b250bc5f32 HTTP/1.0" 404 304
> >> 202.156.2.42 - - [14/Jan/2003:10:05:53 -0500] "GET
> >> /SmpDsBhgRl1bcd5aba-2bc2-4aa9-b0d8-e9d2e2341dad HTTP/1.0" 404 311
> >> 203.94.195.170 - - [14/Jan/2003:10:06:34 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.0"
> >> 404 268
> >> 203.94.195.170 - - [14/Jan/2003:10:07:13 -0500] "GET
> >> //jukedir/juke20394195170.ram HTTP/1.1" 301 336
> >> 203.94.195.170 - - [14/Jan/2003:10:07:23 -0500] "GET
> >> /SmpDsBhgRlea668224-0bd9-47bc-8e59-adcfd6e73e70 HTTP/1.0" 404 304
> >> 202.156.2.42 - - [14/Jan/2003:10:07:59 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.0"
> >> 404 275
> >> 203.94.195.170 - - [14/Jan/2003:10:12:24 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.0"
> >> 200 -
> >> 195.226.230.37 - - [14/Jan/2003:10:15:48 -0500] "GET
> >> /SmpDsBhgRl3b925950-5772-4ed2-aa38-954c13fc7c7a HTTP/1.1" 404 323
> >> 195.226.230.37 - - [14/Jan/2003:10:19:57 -0500] "GET
> >> /SmpDsBhgRl662479ff-a49f-458b-b3ad-f090aeac74b1 HTTP/1.1" 404 323
> >> 195.226.230.37 - - [14/Jan/2003:10:20:49 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.1"
> >> 200 -
> >> 195.226.230.37 - - [14/Jan/2003:10:24:48 -0500] "GET
> >> /SmpDsBhgRl0566a9cc-5934-4197-98aa-954f4785515b HTTP/1.1" 404 323
> >> 195.226.230.37 - - [14/Jan/2003:10:24:58 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.1"
> >> 200 -
> >> 195.226.230.37 - - [14/Jan/2003:10:29:50 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.1"
> >> 200 -
> >> 195.226.230.37 - - [14/Jan/2003:10:32:55 -0500] "GET
> >> /SmpDsBhgRl632f166a-65fd-4e9c-b8ba-a2afa84e4607 HTTP/1.1" 404 323
> >> 195.226.230.37 - - [14/Jan/2003:10:36:12 -0500] "GET
> >> /SmpDsBhgRlfa7ab9d2-c274-4481-8bce-ceb29c17777a HTTP/1.1" 404 323
> >> 195.226.230.37 - - [14/Jan/2003:10:37:57 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.1"
> >> 200 -
> >> 195.226.230.37 - - [14/Jan/2003:10:39:28 -0500] "GET
> >> /SmpDsBhgRlaa012a61-78c0-49b3-ab2d-733def685c64 HTTP/1.1" 404 323
> >> 195.226.230.37 - - [14/Jan/2003:10:41:14 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.1"
> >> 200 -
> >> 195.226.230.37 - - [14/Jan/2003:10:42:55 -0500] "GET
> >> /SmpDsBhgRlcd3552c8-f36c-46bb-bd18-864f9fb16293 HTTP/1.1" 404 323
> >> 195.226.230.37 - - [14/Jan/2003:10:44:29 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.1"
> >> 200 -
> >> 195.226.230.37 - - [14/Jan/2003:10:48:01 -0500] "POST /SmpDsBhgRl
> >> HTTP/1.1"
> >> 200 -
> >>
> >> ----- Original Message -----
> >> From: "Boyle Owen" <Owen.Boyle@swx.com>
> >> To: <users@httpd.apache.org>
> >> Sent: Tuesday, January 14, 2003 11:18 AM
> >> Subject: RE: [users@httpd] any way to stop these ?
> >>
> >>
> >>
> >>
> >>> I've not seen this before... What do the corresponding requests look
> >>> like in the transfer log?
> >>>
> >>> Rgds,
> >>>
> >>> Owen Boyle
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: R'twick Niceorgaw [mailto:public@utkalika.net]
> >>>> Sent: Dienstag, 14. Januar 2003 17:05
> >>>> To: apache user list
> >>>> Subject: [users@httpd] any way to stop these ?
> >>>>
> >>>>
> >>>> Hi all,
> >>>> I'm recently getting a lot of  entries in the error_log like
> >>>> these below.
> >>>> There a lot of them from different IP addresses. Is it some
> >>>> kind of virus or
> >>>> DDos attack ?
> >>>> Is there anyway I can stop them?
> >>>>
> >>>> Regards
> >>>> R'twick
> >>>>
> >>>> [Tue Jan 14 10:05:30 2003] [error] [client 203.94.195.170]
> >>>> File does not
> >>>> exist:
> >>>> /home/httpd/vhosts/default/htdocs/SmpDsBhgRl66f52d87-f82d-427d-
> >>>> a0ce-65b250bc
> >>>> 5f32
> >>>> [Tue Jan 14 10:05:53 2003] [error] [client 202.156.2.42] File does
not
> >>>> exist:
> >>>> /home/httpd/vhosts/default/htdocs/SmpDsBhgRl1bcd5aba-2bc2-4aa9-
> >>>> b0d8-e9d2e234
> >>>> 1dad
> >>>> [Tue Jan 14 10:06:34 2003] [error] [client 203.94.195.170]
> >>>> File does not
> >>>> exist: /home/httpd/vhosts/default/htdocs/SmpDsBhgRl
> >>>> [Tue Jan 14 10:07:23 2003] [error] [client 203.94.195.170]
> >>>> File does not
> >>>> exist:
> >>>> /home/httpd/vhosts/default/htdocs/SmpDsBhgRlea668224-0bd9-47bc-
> >>>> 8e59-adcfd6e7
> >>>> 3e70
> >>>> [Tue Jan 14 10:07:59 2003] [error] [client 202.156.2.42] File does
not
> >>>> exist: /home/httpd/vhosts/default/htdocs/SmpDsBhgRl
> >>>> [Tue Jan 14 10:15:48 2003] [error] [client 195.226.230.37]
> >>>> File does not
> >>>> exist:
> >>>> /home/httpd/vhosts/default/htdocs/SmpDsBhgRl3b925950-5772-4ed2-
> >>>> aa38-954c13fc
> >>>> 7c7a
> >>>> [Tue Jan 14 10:19:57 2003] [error] [client 195.226.230.37]
> >>>> File does not
> >>>> exist:
> >>>> /home/httpd/vhosts/default/htdocs/SmpDsBhgRl662479ff-a49f-458b-
> >>>> b3ad-f090aeac
> >>>> 74b1
> >>>> [Tue Jan 14 10:24:48 2003] [error] [client 195.226.230.37]
> >>>> File does not
> >>>> exist:
> >>>> /home/httpd/vhosts/default/htdocs/SmpDsBhgRl0566a9cc-5934-4197-
> >>>> 98aa-954f4785
> >>>> 515b
> >>>> [Tue Jan 14 10:32:55 2003] [error] [client 195.226.230.37]
> >>>> File does not
> >>>> exist:
> >>>> /home/httpd/vhosts/default/htdocs/SmpDsBhgRl632f166a-65fd-4e9c-
> >>>> b8ba-a2afa84e
> >>>> 4607
> >>>> [Tue Jan 14 10:36:12 2003] [error] [client 195.226.230.37]
> >>>> File does not
> >>>> exist:
> >>>> /home/httpd/vhosts/default/htdocs/SmpDsBhgRlfa7ab9d2-c274-4481-
> >>>> 8bce-ceb29c17
> >>>> 777a
> >>>> [Tue Jan 14 10:39:28 2003] [error] [client 195.226.230.37]
> >>>> File does not
> >>>> exist:
> >>>> /home/httpd/vhosts/default/htdocs/SmpDsBhgRlaa012a61-78c0-49b3-
> >>>> ab2d-733def68
> >>>> 5c64
> >>>> [Tue Jan 14 10:42:55 2003] [error] [client 195.226.230.37]
> >>>> File does not
> >>>> exist:
> >>>> /home/httpd/vhosts/default/htdocs/SmpDsBhgRlcd3552c8-f36c-46bb-
> >>>> bd18-864f9fb1
> >>>> 6293
> >>>>
> >>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> The official User-To-User support forum of the Apache HTTP
> >>>> Server Project.
> >>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>>> For additional commands, e-mail: users-help@httpd.apache.org
> >>>>
> >>>>
> >>>>
> >>>
> >>> This message is for the named person's use only. It may contain
> >>> confidential, proprietary or legally privileged information. No
> >>> confidentiality or privilege is waived or lost by any mistransmission.
> >>> If you receive this message in error, please notify the sender
urgently
> >>> and then immediately delete the message and any copies of it from your
> >>> system. Please also immediately destroy any hardcopies of the message.
> >>> You must not, directly or indirectly, use, disclose, distribute,
print,
> >>> or copy any part of this message if you are not the intended
recipient.
> >>> The sender's company reserves the right to monitor all e-mail
> >>> communications through their networks. Any views expressed in this
> >>> message are those of the individual sender, except where the message
> >>> states otherwise and the sender is authorised to state them to be the
> >>> views of the sender's company.
> >>>
> >>> ---------------------------------------------------------------------
> >>> The official User-To-User support forum of the Apache HTTP Server
> >>> Project.
> >>> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>> For additional commands, e-mail: users-help@httpd.apache.org
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> The official User-To-User support forum of the Apache HTTP Server
> >> Project.
> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >
>
> --
> -----------------------------------------------------
> Terra Novum Research
> info@terranovum.com
> www.terranovum.com
> (617) 923-4132
>
> PO Box 362
> Watertown, MA 02471-0362
>
> For it is true that we are seldom
> able to help the ones closest to us.
> Sometimes we must love completely
> those who we do not completely understand.
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message