Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (nike.apache.org: local policy)
Date: Wed, 16 Apr 2014 12:09:21 -0500 (EST)
From: Jim Barchuk <jb@jbarchuk.com>
To: users@httpd.apache.org
In-Reply-To: 
 <CAK+mT5aZrTGkVESVduyeABuxCxkh42LvL0Yz5ggULTFsAA38KQ@mail.gmail.com>
Message-ID: <alpine.BSO.2.00.1404161150230.9680@jbarchuk.com>
References: 
 <CAK+mT5abkzYjmgWaq47GSWphQ9AkKX5-9-sLPgXh0yK9BM+DFQ@mail.gmail.com>
 <CAK+mT5aZrTGkVESVduyeABuxCxkh42LvL0Yz5ggULTFsAA38KQ@mail.gmail.com>
User-Agent: Alpine 2.00 (BSO 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Subject: Re: [users@httpd] Fwd: apache hosting unknown sites !!!

HiHi!

My first thought was that a -spammer- had -misconfigured- something, to 
point a 'spam target domain name' to your IP address. But those domains 
are registered '06/'07 which is not typical of spam targets, and they 
appear to be reputable.

Before I go further, a little more info. You mentioned...

> tv-house.ru , world-hdtv.ru ... etc.... I am clue less.

and then...

> 147.45.64.140 - - [16/Apr/2014:11:26:44 +0200] "-" 408 - "-" "-"
> 176.8.100.50 - - [16/Apr/2014:11:26:59 +0200] "GET
> /tracker/scrape?info_hash=U%5C%01%04%94%C6%83JV%143eL%B4%FD%5D%AD%D5%5B%E9
> HTTP/1.1" 500 1009 "-" "Zona 1.0.4.5;Windows 7;Java 1.6.0_38"

408 is very weird. I didn't even know what it meant, had to look it up, 
and still don't fully understand what it means, potentially, as related to 
your situation.

Could you please post a couple of lines that include the earlier *.ru 
requests?

> newly configured opensuse

There are other misconfiguration possibilities. No not on your side but 
elsewhere. Your IP address may have been previously used elsewhere for 
other things, that are still configured to point to you without knowing 
you're the new owner.

If nothing truly *NEFARIOUS* is going on, then over the course of time, a 
few days, things may clear themselves out automatically and those odd 
requests may simply stop happening.

If nothing nefarious is going on, but there are configs somewhere that 
someone needs to change manually but either forgot about or haven't gotten 
to yet, then the requests may continue for a while. If they don't stop you 
may need to write to the owners of those domains to give them a heads-up 
that they need to fix something or their customers won't be getting pages 
that they should be.

Along those lines, there might be someone sitting elsewhere wondering why 
-his- logs have dropped to -zero-. LOL!!! Or, they may drop way off, and 
as nameservers are updated his logs 'revive' and continue as previous. The 
only difference is that -he'll- have no clue why it all dropped off, 
because -he- hadn't changed anything. If he's loading pages locally and 
everyting works fine, yet he gets calls that other people can't load 
pages, he'll have to know how to research the problem to find out where 
the misconfiguration is.

Have a :) day!

Jim

-- 
Jim Barchuk
jb@jbarchuk.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org