DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Old 11-13-2005, 06:20 PM   #1
BinkyM
Member
Join Date: Jan 2005
Location: New York, NY
Posts: 32
Who (or what) is doing this to my server?

Folks:

I run a script on my server to email me whenever someone generates a 404 so I can go fix it. When it's able to, the email includes the source of the 404 (ie, whatever caused it is on page thus-and-so).

I get a lot of emails telling me these are 404s:

http://snarkish.com/public_html/articles/+
http://snarkish.com/public_html/mac/+
http://snarkish.com/public_html/+

and lots more I won't bother you with.

What is someone (I assume it's a spider) looking for? Is the plus sign some kinda special character that tells a system something, and I just don't know what it is? It's no big deal; it's just pesky having to delete all those things because there's nothing for me to fix (and the source of the error isn't listed).

I'm just curious about this, that's all.

   
__________________
Bink of Snarkish, intelligent discussion forums for adults with their clothes on
BinkyM is offline   Reply With Quote
Old 11-14-2005, 01:40 AM   #2
Kelvyn
Staff
Join Date: Feb 2005
Location: In the Heart of the English Lake District
Posts: 1,381

I have never seen this as a result of SE bots.

This could be hackers trying to exploit the emailing script. If it is robust and secure then all you have to worry about is the number of "test" messages you receive. What I do in these cases is to check the IP addresses the hackers use and lock them out of the site with .htaccess. Unfortunately, though, too many of them used spoofed IPs...

Check the server logs, as the access time there will match the time the email was triggered.

   
__________________
Kelvyn

Web site design, hosting and marketing, Keswick in the UK Lake District

If you are planning a visit to Keswick then try Keswick Tourist Information website

Kelvyn is offline   Reply With Quote
Old 11-15-2005, 09:48 AM   #3
BinkyM
Member
Join Date: Jan 2005
Location: New York, NY
Posts: 32

Kelvyn:

Quote:
This could be hackers trying to exploit the emailing script

Naw; that looks *entirely* different, and a plus sign tacked onto an URL ain't the way to try to exploit the mailing software. Those attempts I see in my logs.

I'll keep an eye on my logs so that when I get one of those messages, I can see where it came from. Sure wish I knew what someone's *trying* to do!

   
__________________
Bink of Snarkish, intelligent discussion forums for adults with their clothes on
BinkyM is offline   Reply With Quote
Old 11-15-2005, 10:50 AM   #4
Kelvyn
Staff
Join Date: Feb 2005
Location: In the Heart of the English Lake District
Posts: 1,381

It did occur to me after my previous reply that the plus may be representing a space. In a url query string a plus sign is shorthand for a space.

I just went and tried http://snarkish.com/public_html/[space] and got a 404!!!

I wonder if someone has links to your site with spaces at the end of the urls. It will be in the logs.

   
__________________
Kelvyn

Web site design, hosting and marketing, Keswick in the UK Lake District

If you are planning a visit to Keswick then try Keswick Tourist Information website

Kelvyn is offline   Reply With Quote
Old 11-15-2005, 10:39 PM   #5
gary
Member
Join Date: Dec 2004
Location: In the heart of Lake Minnetonka
Posts: 337

I assume "public_html" is the subdirectory of your home directory that constitutes the root of your web site; this is pretty standard Apache-based hosting for user directories.

Code:
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2005 06:20:03 GMT
Server: Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7a PHP-CGI/0.1b
Connection: close
Content-Type: text/html

The "+" is sometimes substituted in the request for space characters, i.e. "this thing" becomes "this+thing".
(and "this+thing" becomes "this%2Bthing" - as "%2B" is the hexadecimal encoding of "+")

Are you seeing the actual log - and, if so, what do the browser and referrer strings say?
(Or are you seeing the -webalizer- results of log analysis?)

Standard Apache log format is
Code:
66.249.66.11 - - [15/Nov/2005:22:46:27 -0600] "GET /robots.txt HTTP/1.1" 404 1047 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

1) requester IP or hostname: 66.249.66.11
2) client identd name (or "-")
3) authenticated username (or "-")
4) timestamp: 2005-11-15 22:46:27 CST
5) quoted request: "GET /robots.txt"
6) status code: 404 - not found
7) reply length: 1047
8) referring URL (or "-")
9) browser string: "Mozilla/5.0 (...)"

Frankly your ISP needs to turn off feature identification by including "ServerTokens OS" in their Apache config file. They also need to update their version of OpenSSL.
gary is offline   Reply With Quote
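
Added example (not posted by anyone in this thread): a small parser for the nine-field Apache log line listed above that picks out 404s whose path ends in "+" or an encoded space and counts them by referrer and browser string, which is where the source of such links would show up. The sample log lines, IP addresses, referrer and agent names are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache "combined" format: the nine fields enumerated in the post above.
LOG_RE = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up referrer and agents).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Nov/2005:09:12:01 -0500] "GET /public_html/articles/+ HTTP/1.1" 404 1047 "http://links.example/dir.html" "ExampleBot/1.0"
192.0.2.10 - - [15/Nov/2005:09:12:03 -0500] "GET /public_html/mac/+ HTTP/1.1" 404 1047 "http://links.example/dir.html" "ExampleBot/1.0"
198.51.100.7 - - [15/Nov/2005:09:30:44 -0500] "GET /public_html/%20 HTTP/1.0" 404 1047 "-" "Mozilla/4.0 (compatible)"
203.0.113.5 - - [15/Nov/2005:09:31:00 -0500] "GET /missing.html HTTP/1.1" 404 1047 "-" "Mozilla/5.0"
203.0.113.5 - - [15/Nov/2005:09:31:02 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Return the log fields as a dict (plus 'path'), or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()
    rec["path"] = parts[1] if len(parts) >= 2 else ""
    return rec

def trailing_space_404s(log_text):
    """Collect 404 records whose path ends in '+' or a (decoded) space."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != "404":
            continue
        path = rec["path"].split("?", 1)[0]
        # unquote() turns %20 into a space but leaves "+" alone: in a URL
        # path "+" is literal; it only means space in form-encoded queries.
        decoded = unquote(path)
        if decoded.endswith(("+", " ")):
            hits.append(rec)
    return hits

def summarize(hits):
    """Count hits per (referrer, browser string) pair."""
    return Counter((h["referer"], h["agent"]) for h in hits)
```

Calling `summarize(trailing_space_404s(open("access_log").read()))` on a real log gives the same counts; a referrer of "-" means the client sent none.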
Old 11-16-2005, 12:40 AM   #6
Richard Waller
Member
Join Date: Aug 2005
Location: Goring-by-Sea, West Sussex UK
Posts: 732

I thought that space is %20; or the like

   
__________________
Richard Waller
www.waller.co.uk
www.goring-by-sea.uk.com
Richard Waller is offline   Reply With Quote
Old 11-16-2005, 06:33 AM   #7
iamback
Member
Join Date: Oct 2005
Location: Amsterdam, NL
Posts: 4,894

Quote:
Originally Posted by Richard Waller
I thought that space is %20; or the like

Depending on how the URL is encoded it can either be %20 or a '+'. Just look at how Google translates a search with multiple words into a URL...

   
__________________
Marjolein Katsma
Look through my eyes on Cultural Surfaces (soon!), My ArtFlakes shop and Flickr.
Occasionally I am also connecting online dots... and sometimes you can follow me on Marjolein's Travel Blog
iamback is offline   Reply With Quote