Requests for non-local pages
This is a discussion on Requests for non-local pages within the Apache Web Server forums, part of the Web Server and Related Forums category; Hi all, I am running the following Apache: Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/5mdk) mod_perl/1.99_11Perl/v5....
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-04-2005
|
|||
|
|||
Requests for non-local pages
Hi all,
I am running the following Apache: Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/5mdk) mod_perl/1.99_11Perl/v5.8.3 mod_ssl/2.0.48 OpenSSL/0.9.7c DAV/2 SVN/1.0.1-dev PHP/4.3.4 Server at www.klaverstijn.nl Port 80 If I look at my access log, I see predominantly requests for pages that are not even served by me. I am quite puzzled by this. Some samples are: "GET http://www.joshuastarling.com/index.php?p=162 HTTP/1.0" "GET http://www.epilot.com/searchresultsS...eme=bluedesign HTTP/1.0" "GET http://z1.adserver.com/w/cp.x;rid=13...17;c=923;;nc=1 HTTP/1.0" The originating ip addresses differ greatly and are never internal (192.168.*). The requests receive a 404 response, but I hate the clutter of my logs and the overhead this causes to my server. Obviously, all seem to be about the usual adware. Can someone tell me what's happening and how to stop this or at least minimize the impact? Thanks in advance. Jan. |
|
03-04-2005
|
|||
|
|||
|
Re: Requests for non-local pages
"Jan Klaverstijn" <jan@klaverstijn.nl> schreef in bericht
news:422888f0$0$90482$dbd45001@news.euronet.nl... > I am running the following Apache: > If I look at my access log, I see predominantly requests for pages that are > not even served by me. I am quite puzzled by this. Some samples are: > "GET http://www.joshuastarling.com/index.php?p=162 HTTP/1.0" > "GET > http://www.epilot.com/searchresultsS...eme=bluedesign > HTTP/1.0" > "GET http://z1.adserver.com/w/cp.x;rid=13...17;c=923;;nc=1 > HTTP/1.0" > > The originating ip addresses differ greatly and are never internal > (192.168.*). The requests receive a 404 response, > but I hate the clutter of my logs Try conditional logging http://httpd.apache.org/docs-2.0/logs.html#accesslog -if you want to clean the error_log too, try http://httpd.apache.org/docs-2.0/logs.html#piped- >and the overhead this causes to my server. Setting and testing the logging condition may increase the overhead... > Obviously, all seem to be about the usual adware. > Can someone tell me what's happening Some think your system is a proxy ... > and how to stop this or You have no control over their thoughts -nor their PCs-. > at least minimize the impact? AFAIK responsing 404 is the minimum impact. If there is a firewall upfront, it might be able to block this kind of requests. HansH |
|
03-04-2005
|
|||
|
|||
|
Re: Requests for non-local pages
HansH wrote:
> "Jan Klaverstijn" <jan@klaverstijn.nl> schreef in bericht > news:422888f0$0$90482$dbd45001@news.euronet.nl... > >>I am running the following Apache: >>If I look at my access log, I see predominantly requests for pages that > > are > >>not even served by me. I am quite puzzled by this. Some samples are: >>"GET http://www.joshuastarling.com/index.php?p=162 HTTP/1.0" >>"GET >> > > http://www.epilot.com/searchresultsS...eme=bluedesign > >>HTTP/1.0" >>"GET > > http://z1.adserver.com/w/cp.x;rid=13...17;c=923;;nc=1 > >>HTTP/1.0" >> >>The originating ip addresses differ greatly and are never internal >>(192.168.*). The requests receive a 404 response, >>but I hate the clutter of my logs > > Try conditional logging http://httpd.apache.org/docs-2.0/logs.html#accesslog > > -if you want to clean the error_log too, try > http://httpd.apache.org/docs-2.0/logs.html#piped- > > >>and the overhead this causes to my server. > > Setting and testing the logging condition may increase the overhead... > > >>Obviously, all seem to be about the usual adware. >>Can someone tell me what's happening > > Some think your system is a proxy ... > > >>and how to stop this or > > You have no control over their thoughts -nor their PCs-. > > >>at least minimize the impact? > > AFAIK responsing 404 is the minimum impact. > If there is a firewall upfront, it might be able to block this kind of > requests. > > HansH > > > If you are serving remote pages via your web server then you have a configuration issue. Sounds like you are unintentionally running the webserver as a proxy. Severly bad move, check out your httpd.conf file. |
|
03-04-2005
|
|||
|
|||
|
Re: Requests for non-local pages
"NSpam" <chris.newey@gmail.com> schreef in bericht
news:Zr1Wd.290604$K7.260096@fe2.news.blueyonder.co .uk... > HansH wrote: > > "Jan Klaverstijn" <jan@klaverstijn.nl> schreef in bericht > > news:422888f0$0$90482$dbd45001@news.euronet.nl... > >>I am running the following Apache: > >>If I look at my access log, I see predominantly requests for pages that > >>are not even served by me. I am quite puzzled by this. > >>Some samples are: > >>"GET http://www.joshuastarling.com/index.php?p=162 HTTP/1.0" > >>The originating ip addresses differ greatly and are never internal > >>(192.168.*). The requests receive a 404 response, > >>but I hate the clutter of my logs > > Try conditional logging http://httpd.apache.org/docs-2.0/logs.html#accesslog > > -if you want to clean the error_log too, try > > http://httpd.apache.org/docs-2.0/logs.html#piped- > >>and the overhead this causes to my server. > > Setting and testing the logging condition may increase the overhead... > >>Obviously, all seem to be about the usual adware. > >>Can someone tell me what's happening > > Some think your system is a proxy ... > >>and how to stop this or > > You have no control over their thoughts -nor their PCs-. > >>at least minimize the impact? > > AFAIK responsing 404 is the minimum impact. > > If there is a firewall upfront, it might be able to block this kind of > > requests. > If you are serving remote pages via your web server then you have > a configuration issue. are unintentionally running the webserver as >a proxy. Severly bad move, check out your httpd.conf file. You're barking to the wrong tree ... Misconfiguration is close to unlikely, as the OP states 404 on properly working urls. HansH |
|
03-04-2005
|
|||
|
|||
|
Re: Requests for non-local pages
"NSpam" <chris.newey@gmail.com> schreef in bericht
news:Zr1Wd.290604$K7.260096@fe2.news.blueyonder.co .uk... > HansH wrote: >> "Jan Klaverstijn" <jan@klaverstijn.nl> schreef in bericht >> news:422888f0$0$90482$dbd45001@news.euronet.nl... >> >>>I am running the following Apache: >>>If I look at my access log, I see predominantly requests for pages that >> >> are >> >>>not even served by me. I am quite puzzled by this. Some samples are: >>>"GET http://www.joshuastarling.com/index.php?p=162 HTTP/1.0" >>>"GET >>> >> >> http://www.epilot.com/searchresultsS...eme=bluedesign >> >>>HTTP/1.0" >>>"GET >> >> http://z1.adserver.com/w/cp.x;rid=13...17;c=923;;nc=1 >> >>>HTTP/1.0" >>> >>>The originating ip addresses differ greatly and are never internal >>>(192.168.*). The requests receive a 404 response, >>>but I hate the clutter of my logs >> >> Try conditional logging >> http://httpd.apache.org/docs-2.0/logs.html#accesslog >> >> -if you want to clean the error_log too, try >> http://httpd.apache.org/docs-2.0/logs.html#piped- >> >> >>>and the overhead this causes to my server. >> >> Setting and testing the logging condition may increase the overhead... >> >> >>>Obviously, all seem to be about the usual adware. >>>Can someone tell me what's happening >> >> Some think your system is a proxy ... >> >> >>>and how to stop this or >> >> You have no control over their thoughts -nor their PCs-. >> >> >>>at least minimize the impact? >> >> AFAIK responsing 404 is the minimum impact. >> If there is a firewall upfront, it might be able to block this kind of >> requests. >> >> HansH >> >> >> > If you are serving remote pages via your web server then you have a > configuration issue. Sounds like you are unintentionally running the > webserver as a proxy. Severly bad move, check out your httpd.conf file. No, certainly no proxy. It may be true however that somebody thinks I have one and forwards requests to me. I will see what my allready busy firewall can do. I could also check headers and make a 403 (forbidden) out of these 404's. Would that discourage the suspect? Thanks, Jan. |
|
03-06-2005
|
|||
|
|||
|
Re: Requests for non-local pages
Jan Klaverstijn wrote:
> Hi all, > > I am running the following Apache: > > Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/5mdk) > mod_perl/1.99_11Perl/v5.8.3 mod_ssl/2.0.48 OpenSSL/0.9.7c DAV/2 > SVN/1.0.1-dev PHP/4.3.4 Server at www.klaverstijn.nl Port 80 > > If I look at my access log, I see predominantly requests for pages that > are not even served by me. I am quite puzzled by this. Some samples are: > > "GET http://www.joshuastarling.com/index.php?p=162 HTTP/1.0" > "GET > >http://www.epilot.com/searchresultsS...IsBlank=False& > >keyword=Liquid+Vitamins&PageTheme=bluedesign > HTTP/1.0" > "GET > http://z1.adserver.com/w/cp.x;rid=13...17;c=923;;nc=1 > HTTP/1.0" > > The originating ip addresses differ greatly and are never internal > (192.168.*). The requests receive a 404 response, but I hate the clutter > of my logs and the overhead this causes to my server. Obviously, all seem > to be about the usual adware. Can someone tell me what's happening and how > to stop this or at least minimize the impact? > > Thanks in advance. > > Jan. If you use Linux then set up iptables (very easy to do) to just DROP connections from those networks. If it were me I'd drop this whole shebang: epilot: Internap Network Services PNAP-05-2000 (NET-64-94-0-0-1) 64.94.0.0 - 64.95.255.255 64.94.0.0/15 Interchange Corporation INAP-LAX-ELIB-0777 (NET-64-94-109-0-1) 64.94.109.0 - 64.94.109.127 64.94.109.0/25 adserver.com: Level 3 Communications, Inc. at 205.180.0.0/14 joshuastarling.com: this is a yahoo account - complain to yahoo or drop all yahoo addresses if you have no need of them. The internet shrinks for those who abuse it. Eric |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 09:32 PM.
