Source of Unexplained Requests in Server Logs

Posted by Synetech inc. on Server Fault See other posts from Server Fault or by Synetech inc.
Published on 2010-03-15T05:10:49Z Indexed on 2010/03/15 5:20 UTC
Read the original article Hit count: 259

Filed under:

webserver

|

log-files

|

unknown-source

|

requests

Hi,

I am baffled by some entries in my server logs, specifically the web-server logs. Other than normal, expected traffic, I have noticed three types of request errors (eg 404, etc.):

Broken links, ie links from old, external pages that point to pages that are no longer here
Sequences of probes, ie some jerk trying to hack in by scanning my server for a series of exploitable admin type pages and such
What appear to be completely random requests for things that have never existed on the server or even have anything to do with the server, and appear by themselves (ie not a series of requests like the probes)

Could it somehow be a mistyped URL or IP? That’s about the only thing that I can think of, but still, how could I get a request on say, foobar.dyndns.org (12.34.56.78) for something like www.wantsfly.com/prx2.php or /MNG/LIVE or http://ant.dsabuse.com/abc.php?auth=45V456b09m&strPassword=X%5BMTR__CBZ%40VA&nLoginId=43. (Those are a few actual requests from my logs.)

Can someone please explain scenario three to me? Thanks.

© Server Fault or respective owner

Related posts about webserver

Headers to set for AJAX calls in a custom webserver

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm writing a custom web server. When I enter the URL of my server in the browser, I get the sample text I write out to the socket in my browser correctly. This is the HTTP response that I write: HTTP/1.1 200 OK\r\n Server: My Server\r\n Date: Blah\r\n \r\n This is some sample text. This appears… >>> More
Erlang: 2 database on 2 webserver ??

as seen on Stack Overflow - Search for 'Stack Overflow'
I have created a blogging system with php+postgresql. Now I want to add a web chat ( in REAL TIME for Million of users simultaneously ) where every message is saved in database. I am thinking to use Erlang+Mnesia on a different webserver for this issue. Message's table will be like this: message_id… >>> More
Why is this mod_rewrite RewriteRule directive not working in the .htaccess file?

as seen on Server Fault - Search for 'Server Fault'
I've got a site that was hosted on a linux el cheapo hosting service that I'm migrating to my Mac OS X 10.5 Leopard Server server running Apache 2.2.8 & PHP 5.2.5 w/rewrite_module enabled and AllowOverride All, but I'm running into an issue with the following lines in the .htaccess file: RewriteEngine… >>> More
Why is this mod_rewrite RewriteRule directive not working in the .htaccess file?

as seen on Server Fault - Search for 'Server Fault'
I've got a site that was hosted on a linux el cheapo hosting service that I'm migrating to my Mac OS X 10.5 Leopard Server server running Apache 2.2.8 & PHP 5.2.5 w/rewrite_module enabled and AllowOverride All, but I'm running into an issue with the following lines in the .htaccess file: RewriteEngine… >>> More
How ISP or dns server find the nameserevr [on hold]

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I saw some articles about how DNS propagation happens.I know that ISP or DNS server(such as google public dns) cache the ip address of website which it uses to convert domain name to ip address. But my doubt is from where these ISP or dns serevr know which nameserver to go for particular domain name… >>> More

Related posts about log-files

Problem with squid log files

as seen on Server Fault - Search for 'Server Fault'
I am using SARG to get a report on the squid log files, I get this result /usr/local/Sarg/bin/sarg -l /usr/local/squid/var/logs/access.log SARG: Records in file: 0, reading: 0.00% SARG: Records in file: 0, reading: 0.00% SARG: Records in file: 0, reading: 0.00% SARG: Records in file: 0, reading:… >>> More
Safe to enable compression C:\WINDOWS\system32\LogFiles

as seen on Server Fault - Search for 'Server Fault'
Will it slow down my website if I enable compression on the C:\WINDOWS\system32\LogFiles directory? These files are slowly but surely chewing away drive space and I'd like to slow the expansion. I'm worried however that this will also slow my websites. >>> More
My linux server time and log files are not the same

as seen on Server Fault - Search for 'Server Fault'
Hi i have installed NTP on my linux server and i am getting my clock from a 6500 core switch, everything is working fine. When i ssh to a switch i have it all sent to a log file on the linux server, this log file does not time stamp with the same time as i have on the server. the date and hwclock… >>> More
Minimizing SQL transaction log file size on developer box running simple recovery model

as seen on Server Fault - Search for 'Server Fault'
We have alot of SQL servers on development environment where we never take backup of the databases (TFS for code is enough). The (SharePoint) databases are all set to simple recovery model, but the log files, especially for the SharePoint configuration database is growing quite large and filling… >>> More
How to write to Tomcat log files

as seen on Stack Overflow - Search for 'Stack Overflow'
What is the easiest way to print out something in a Tomcat Log file. I was under the impression that System.out.println() would print to one of the log files. I just want to print out the value of a string, so the simplest solution would be best. If there is no simple/trivial solution I guess I… >>> More