httpd-users mailing list archives

From Jim Barchuk ...@jbarchuk.com>
Subject Re: [users@httpd] Fwd: apache hosting unknown sites !!!
Date Thu, 17 Apr 2014 15:08:02 GMT
HiHi!

> 1. The requests are not available at log because I have blocked the .ru
> domains at firewall level. Let me disable the firewall to generate the logs
> for you
>
> 109.188.125.110 - - [17/Apr/2014:07:27:03 +0200] "GET /Uizz9n HTTP/1.1" 301
> - "http://www.tv-house.ru/detail/200/5347" "Mozilla/5.0 (Windows NT 6.3;
> WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
> 109.188.125.110 - - [17/Apr/2014:07:27:04 +0200] "GET
> /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "
> http://www.tv-house.ru/detail/200/5347" "Mozilla/5.0 (Windows NT 6.3;
> WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
> 109.191.88.164 - - [17/Apr/2014:07:27:13 +0200] "GET
> /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "-" "libtorrent/0.16.10.0"
> 109.188.125.110 - - [17/Apr/2014:07:27:16 +0200] "GET
> /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "
> http://www.tv-house.ru/catalog/29/200/31/" "Mozilla/5.0 (Windows NT 6.3;
> WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"

I am *NOT* a DNS guru. I actually learned a bunch many years ago and even 
operated BIND for a while but gave up trying to -really- learn it, and 
keep up with progress. I'm happy enough if I can keep my own /etc/hosts 
and hosted DNS lined up records straight. LOL!!

I do know how to look at a few things though.

Those two IP addresses 109.188.125.110 and 109.191.88.164 appear to be in 
a similar '109' range, but not close enough.

Whois n for the first one says...

% Information related to '109.188.124.0 - 109.188.127.255' ...
% Abuse contact for '109.188.124.0 - 109.188.127.255' is 
'aguzeev@yotateam.com'

... and the second one ...

% Information related to '109.191.0.0 - 109.191.127.255'
% Abuse contact for '109.191.0.0 - 109.191.127.255' is 'abuse@is74.ru'

...and all other information about those #s after that is different 
content and structure, implying completely different owners and even 
different DNS hosts. I -think- that -implies- that there's no -connection- 
between the -sources- of the requests, that they're coming from completely 
different ISPs. Yet, there the requests are.

BTW when I http:// those domains I get 'tv' related pages but appear to be 
completely different.

With that I'm bowing out because it's way over my head. I have no doubt 
that someone with enough dig skills could pin down the exact source of the 
problem fairly straightforwardly, but it definitely ain't me.

You -could- ask your uplink to look into it. It depends on how supportive 
they are, and how interested the particular tech person you talk with is 
in the problem. The reason I say it that way is that it 
-doesn't- seem to be your -uplink's- misconfiguration, so 'not their 
problem.' But because it's causing unnecessary traffic on -their- lines 
they -might- be interested. Whether you can convince them to be interested 
depends on who you talk with and how you convey the problem. Some ISPs are 
-very- concerned about user (you) inconvenience, others don't give a rat's 
ass.

Have a :) day!

Jim

-- 
Jim Barchuk
jb@jbarchuk.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
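
The comparison made by hand in the message above can be scripted. The following is an added example, not part of the original message: it parses the four quoted log entries (e-mail line wrapping undone), maps each client IP to the whois range and abuse contact quoted in the message, and collects the referer hosts, user agents and paths seen per client. The names `WHOIS_RANGES`, `allocation` and `summarize` are assumptions made for this illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The four log entries quoted in the message, with the e-mail line wrapping undone.
LOG = '''\
109.188.125.110 - - [17/Apr/2014:07:27:03 +0200] "GET /Uizz9n HTTP/1.1" 301 - "http://www.tv-house.ru/detail/200/5347" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
109.188.125.110 - - [17/Apr/2014:07:27:04 +0200] "GET /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "http://www.tv-house.ru/detail/200/5347" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
109.191.88.164 - - [17/Apr/2014:07:27:13 +0200] "GET /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "-" "libtorrent/0.16.10.0"
109.188.125.110 - - [17/Apr/2014:07:27:16 +0200] "GET /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "http://www.tv-house.ru/catalog/29/200/31/" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
'''

# Ranges and abuse contacts exactly as quoted from the whois output in the message.
WHOIS_RANGES = [
    ("109.188.124.0", "109.188.127.255", "aguzeev@yotateam.com"),
    ("109.191.0.0", "109.191.127.255", "abuse@is74.ru"),
]

# Apache "combined" log format: ip, ident, user, [time], "request", status, size, "referer", "agent".
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

def allocation(ip):
    """Return the abuse contact of the quoted whois range holding ip, else None."""
    addr = ipaddress.ip_address(ip)
    for first, last, contact in WHOIS_RANGES:
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return contact
    return None

def summarize(log):
    """Group entries per client IP: whois range, referer hosts, agents, paths."""
    clients = {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip anything that is not a combined-format entry
        c = clients.setdefault(m["ip"], {"allocation": allocation(m["ip"]),
                                         "referers": set(), "agents": set(), "paths": set()})
        if m["referer"] != "-":  # "-" means the client sent no Referer header
            c["referers"].add(urlsplit(m["referer"]).hostname)
        c["agents"].add(m["agent"])
        c["paths"].add(m["path"])
    return clients

if __name__ == "__main__":
    for ip, info in summarize(LOG).items():
        print(ip, info["allocation"], sorted(info["referers"]), sorted(info["agents"]))
```
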

