homepage Welcome to WebmasterWorld Guest from 54.161.155.142
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
What in the world is this?
someone requesting www.intel.com and got 200 code.....
kstprod




msg:402207
 8:06 pm on Nov 11, 2002 (gmt 0)

As much as I'd love it if this were true, but I'm not Intel..LOL.. I'd sure like to know what in the world this is all about...... someone help, please. I can't come up with any info on the IP.

202.145.67.64 - - [11/Nov/2002:14:27:14 -0500] "GET [intel.com...] HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (compatible; MSIE 5.01; Win2000)"

Karen

 

Son_House




msg:402208
 8:39 pm on Nov 11, 2002 (gmt 0)

202.145.67.64
Taiwan Telecommunication Network Services
Shinyi Chiu, Taipei, Taiwan

The user agent looks fake. What I see for most people using MSIE 5.01 with Windows 2000 is this:
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)

kstprod




msg:402209
 8:48 pm on Nov 11, 2002 (gmt 0)

Son_House,

Thanks! What tool did you use to find that? I understand that headers or users agents or whatever can be easily faked, but why the intel url? And how did my server ok that request?....lol...confuses me...

Karen

feynman




msg:402210
 9:09 pm on Nov 11, 2002 (gmt 0)

I know that if you use the hosts file on a windows machine to specify IP resolutions, it can do that sort of thing to a log file

JonB




msg:402211
 9:13 pm on Nov 11, 2002 (gmt 0)

sometimes i find urls in my logs that i visited. i see some stange url and then go to site and seethat this was site i visited soem time ago. i have no idea how this comes to my log. especially since my PC and isp in SLOVENIA have nothing to do with my web servers whcih are in USA. i have seen some strange thing s in log that i have no idea how to explain :)

Son_House




msg:402212
 9:33 pm on Nov 11, 2002 (gmt 0)

Your welcome Karen. For an ip look up I start here [whois.arin.net...] The ip that you gave was from Asia so I went here [apnic.net...]

Sorry but I don't know how or why the intel url ended up in your logs. Someone else is going to have to answer that one.

Josk




msg:402213
 9:56 am on Nov 12, 2002 (gmt 0)

How much do you know about your web server? Are you running a proxy server without knowing it?

Dreamquick




msg:402214
 11:17 am on Nov 12, 2002 (gmt 0)

It depends what the server in question is configured for - if it's on it's own IP then out-of-the-box systems will not bother to check the HOST variable instead assuming that if you ask for document X when connected to this machine then that's what it'll try to retrieve.

You have to remember that normally speaking the HOST variable (in this case www.intel.com) and the request URI (in this case /) are not passed as the complete item but rather as two separate items with HOST being a variable tagged onto the main request.

The only time that a server will both to check the HOST variable is if server-side code does so or if the server is living on a virtual IP (in which case HOST determines which site you see)

- tony

kstprod




msg:402215
 12:10 pm on Nov 12, 2002 (gmt 0)

Forgive me, but I don't understand what you guys mean. I have a dedicated IP, I think. My site is accessable through my IP. As far as Proxy, I have no idea. I'm still pretty to new to all this. :)

Just to make sure you guys know what I mean, the japanese IP came to my site, and according to my logs, requested www.intel.com and got 200 status. Intel wasn't the referrer, it was requested. The entry didn't log a referrer.

PeterD




msg:402216
 4:24 pm on Nov 12, 2002 (gmt 0)

It looks like somebody testing for an open proxy. Apache will return a "200" even if you don't have an open proxy (which you probably don't), because for that request Apache would have served up YOUR home page. Nothing to worry about. If you're nervous, look again at the logfile entry: it says the content length was 8192 bytes. Does that correspond with the size of your home page? (Intel's home page is 43kb plus images).

That "200" status code for this kind of request made me nervous the first time I saw it in my logs, too!

PeterD




msg:402217
 4:44 pm on Nov 12, 2002 (gmt 0)

Oops, I should have added-- In this context, an "Open Proxy" would be a server that anyone could use as an intermediate in their surfing: users would request outside pages from your server, then your server would request the page from the outside site and forward them back to the user of the proxy. To the person that's running the outside site, it would look like all the requests for pages were coming from your server, instead of the end user. It's a way for people to hide their tracks on the web. If you're working through professional a hosting company, it's exceedingly unlikely that they'd leave an open proxy.

kstprod




msg:402218
 9:25 pm on Nov 12, 2002 (gmt 0)

Peter,

Thanks! :) Yes, the 8192 bytes is my homepage, can't believe I missed that, sorry. Anyway, it makes a bit more sense now.

I'm not nervous, but I get really suspicious when I see weird entries. I have gotten alot of them lately. Although none 'seem' to be doing any damage or being hoggy, it really irritates me. ;)

Thanks again,

Karen

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved