httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] any way to stop these ?
Date Tue, 14 Jan 2003 16:56:27 GMT
I did a reverse DNS on the client IPs (http://www.zoneedit.com/lookup.html) and there doesn't
seem to be anything too interesting; the 203. and 202. domains originate in Asian-Pacific
while the 195. domain is in Sweden.

So somehow these clients have decided that your site is a RealPlayer server and are asking
for streams. Is there anything on your site which could lead them to that conclusion? If you
want more information from the requests, you might try setting LogFormat to include the %{Referer}
or remote host (%h).

Otherwise, their not doing any harm apart from a miniscule bandwidth usage and noise in the
logs.

Rgds,

Owen Boyle


>-----Original Message-----
>From: R'twick Niceorgaw [mailto:public@utkalika.net]
>Sent: Dienstag, 14. Januar 2003 17:25
>To: users@httpd.apache.org
>Subject: Re: [users@httpd] any way to stop these ?
>
>
>
>Here are some form access_log
>Do they make any sense ?
>
>203.94.195.170 - - [14/Jan/2003:10:00:27 -0500] "GET
>/SmpDsBhgRlb0b583ef-145f-40e8-8056-e42539b613fd HTTP/1.0" 404 304
>202.156.2.42 - - [14/Jan/2003:10:00:57 -0500] "GET
>/SmpDsBhgRl47f52765-447c-4ba7-bd3d-4c42d8e50dd1 HTTP/1.0" 404 311
>203.94.195.170 - - [14/Jan/2003:10:02:53 -0500] "POST 
>/SmpDsBhgRl HTTP/1.0"
>404 268
>202.156.2.42 - - [14/Jan/2003:10:02:59 -0500] "POST 
>/SmpDsBhgRl HTTP/1.0"
>404 275
>203.94.195.170 - - [14/Jan/2003:10:05:30 -0500] "GET
>/SmpDsBhgRl66f52d87-f82d-427d-a0ce-65b250bc5f32 HTTP/1.0" 404 304
>202.156.2.42 - - [14/Jan/2003:10:05:53 -0500] "GET
>/SmpDsBhgRl1bcd5aba-2bc2-4aa9-b0d8-e9d2e2341dad HTTP/1.0" 404 311
>203.94.195.170 - - [14/Jan/2003:10:06:34 -0500] "POST 
>/SmpDsBhgRl HTTP/1.0"
>404 268
>203.94.195.170 - - [14/Jan/2003:10:07:13 -0500] "GET
>//jukedir/juke20394195170.ram HTTP/1.1" 301 336
>203.94.195.170 - - [14/Jan/2003:10:07:23 -0500] "GET
>/SmpDsBhgRlea668224-0bd9-47bc-8e59-adcfd6e73e70 HTTP/1.0" 404 304
>202.156.2.42 - - [14/Jan/2003:10:07:59 -0500] "POST 
>/SmpDsBhgRl HTTP/1.0"
>404 275
>203.94.195.170 - - [14/Jan/2003:10:12:24 -0500] "POST 
>/SmpDsBhgRl HTTP/1.0"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:15:48 -0500] "GET
>/SmpDsBhgRl3b925950-5772-4ed2-aa38-954c13fc7c7a HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:19:57 -0500] "GET
>/SmpDsBhgRl662479ff-a49f-458b-b3ad-f090aeac74b1 HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:20:49 -0500] "POST 
>/SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:24:48 -0500] "GET
>/SmpDsBhgRl0566a9cc-5934-4197-98aa-954f4785515b HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:24:58 -0500] "POST 
>/SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:29:50 -0500] "POST 
>/SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:32:55 -0500] "GET
>/SmpDsBhgRl632f166a-65fd-4e9c-b8ba-a2afa84e4607 HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:36:12 -0500] "GET
>/SmpDsBhgRlfa7ab9d2-c274-4481-8bce-ceb29c17777a HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:37:57 -0500] "POST 
>/SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:39:28 -0500] "GET
>/SmpDsBhgRlaa012a61-78c0-49b3-ab2d-733def685c64 HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:41:14 -0500] "POST 
>/SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:42:55 -0500] "GET
>/SmpDsBhgRlcd3552c8-f36c-46bb-bd18-864f9fb16293 HTTP/1.1" 404 323
>195.226.230.37 - - [14/Jan/2003:10:44:29 -0500] "POST 
>/SmpDsBhgRl HTTP/1.1"
>200 -
>195.226.230.37 - - [14/Jan/2003:10:48:01 -0500] "POST 
>/SmpDsBhgRl HTTP/1.1"
>200 -
>
>----- Original Message -----
>From: "Boyle Owen" <Owen.Boyle@swx.com>
>To: <users@httpd.apache.org>
>Sent: Tuesday, January 14, 2003 11:18 AM
>Subject: RE: [users@httpd] any way to stop these ?
>
>
>> I've not seen this before... What do the corresponding requests look
>> like in the transfer log?
>>
>> Rgds,
>>
>> Owen Boyle
>>
>> >-----Original Message-----
>> >From: R'twick Niceorgaw [mailto:public@utkalika.net]
>> >Sent: Dienstag, 14. Januar 2003 17:05
>> >To: apache user list
>> >Subject: [users@httpd] any way to stop these ?
>> >
>> >
>> >Hi all,
>> >I'm recently getting a lot of  entries in the error_log like
>> >these below.
>> >There a lot of them from different IP addresses. Is it some
>> >kind of virus or
>> >DDos attack ?
>> >Is there anyway I can stop them?
>> >
>> >Regards
>> >R'twick
>> >
>> >[Tue Jan 14 10:05:30 2003] [error] [client 203.94.195.170]
>> >File does not
>> >exist:
>> >/home/httpd/vhosts/default/htdocs/SmpDsBhgRl66f52d87-f82d-427d-
>> >a0ce-65b250bc
>> >5f32
>> >[Tue Jan 14 10:05:53 2003] [error] [client 202.156.2.42] 
>File does not
>> >exist:
>> >/home/httpd/vhosts/default/htdocs/SmpDsBhgRl1bcd5aba-2bc2-4aa9-
>> >b0d8-e9d2e234
>> >1dad
>> >[Tue Jan 14 10:06:34 2003] [error] [client 203.94.195.170]
>> >File does not
>> >exist: /home/httpd/vhosts/default/htdocs/SmpDsBhgRl
>> >[Tue Jan 14 10:07:23 2003] [error] [client 203.94.195.170]
>> >File does not
>> >exist:
>> >/home/httpd/vhosts/default/htdocs/SmpDsBhgRlea668224-0bd9-47bc-
>> >8e59-adcfd6e7
>> >3e70
>> >[Tue Jan 14 10:07:59 2003] [error] [client 202.156.2.42] 
>File does not
>> >exist: /home/httpd/vhosts/default/htdocs/SmpDsBhgRl
>> >[Tue Jan 14 10:15:48 2003] [error] [client 195.226.230.37]
>> >File does not
>> >exist:
>> >/home/httpd/vhosts/default/htdocs/SmpDsBhgRl3b925950-5772-4ed2-
>> >aa38-954c13fc
>> >7c7a
>> >[Tue Jan 14 10:19:57 2003] [error] [client 195.226.230.37]
>> >File does not
>> >exist:
>> >/home/httpd/vhosts/default/htdocs/SmpDsBhgRl662479ff-a49f-458b-
>> >b3ad-f090aeac
>> >74b1
>> >[Tue Jan 14 10:24:48 2003] [error] [client 195.226.230.37]
>> >File does not
>> >exist:
>> >/home/httpd/vhosts/default/htdocs/SmpDsBhgRl0566a9cc-5934-4197-
>> >98aa-954f4785
>> >515b
>> >[Tue Jan 14 10:32:55 2003] [error] [client 195.226.230.37]
>> >File does not
>> >exist:
>> >/home/httpd/vhosts/default/htdocs/SmpDsBhgRl632f166a-65fd-4e9c-
>> >b8ba-a2afa84e
>> >4607
>> >[Tue Jan 14 10:36:12 2003] [error] [client 195.226.230.37]
>> >File does not
>> >exist:
>> >/home/httpd/vhosts/default/htdocs/SmpDsBhgRlfa7ab9d2-c274-4481-
>> >8bce-ceb29c17
>> >777a
>> >[Tue Jan 14 10:39:28 2003] [error] [client 195.226.230.37]
>> >File does not
>> >exist:
>> >/home/httpd/vhosts/default/htdocs/SmpDsBhgRlaa012a61-78c0-49b3-
>> >ab2d-733def68
>> >5c64
>> >[Tue Jan 14 10:42:55 2003] [error] [client 195.226.230.37]
>> >File does not
>> >exist:
>> >/home/httpd/vhosts/default/htdocs/SmpDsBhgRlcd3552c8-f36c-46bb-
>> >bd18-864f9fb1
>> >6293
>> >
>> >
>> >
>> 
>>---------------------------------------------------------------------
>> >The official User-To-User support forum of the Apache HTTP
>> >Server Project.
>> >See <URL:http://httpd.apache.org/userslist.html> for more info.
>> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> >For additional commands, e-mail: users-help@httpd.apache.org
>> >
>> >
>>
>> This message is for the named person's use only. It may contain
>> confidential, proprietary or legally privileged information. No
>> confidentiality or privilege is waived or lost by any 
>mistransmission.
>> If you receive this message in error, please notify the 
>sender urgently
>> and then immediately delete the message and any copies of it 
>from your
>> system. Please also immediately destroy any hardcopies of 
>the message.
>> You must not, directly or indirectly, use, disclose, 
>distribute, print,
>> or copy any part of this message if you are not the intended 
>recipient.
>> The sender's company reserves the right to monitor all e-mail
>> communications through their networks. Any views expressed in this
>> message are those of the individual sender, except where the message
>> states otherwise and the sender is authorised to state them to be the
>> views of the sender's company.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP 
>Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message