| 8:39 pm on Nov 11, 2002 (gmt 0)|
Taiwan Telecommunication Network Services
Shinyi Chiu, Taipei, Taiwan
The user agent looks fake. What I see for most people using MSIE 5.01 with Windows 2000 is this:
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
| 8:48 pm on Nov 11, 2002 (gmt 0)|
Thanks! What tool did you use to find that? I understand that headers or users agents or whatever can be easily faked, but why the intel url? And how did my server ok that request?....lol...confuses me...
| 9:09 pm on Nov 11, 2002 (gmt 0)|
I know that if you use the hosts file on a windows machine to specify IP resolutions, it can do that sort of thing to a log file
| 9:13 pm on Nov 11, 2002 (gmt 0)|
sometimes i find urls in my logs that i visited. i see some stange url and then go to site and seethat this was site i visited soem time ago. i have no idea how this comes to my log. especially since my PC and isp in SLOVENIA have nothing to do with my web servers whcih are in USA. i have seen some strange thing s in log that i have no idea how to explain :)
| 9:33 pm on Nov 11, 2002 (gmt 0)|
Your welcome Karen. For an ip look up I start here [whois.arin.net...] The ip that you gave was from Asia so I went here [apnic.net...]
Sorry but I don't know how or why the intel url ended up in your logs. Someone else is going to have to answer that one.
| 9:56 am on Nov 12, 2002 (gmt 0)|
How much do you know about your web server? Are you running a proxy server without knowing it?
| 11:17 am on Nov 12, 2002 (gmt 0)|
It depends what the server in question is configured for - if it's on it's own IP then out-of-the-box systems will not bother to check the HOST variable instead assuming that if you ask for document X when connected to this machine then that's what it'll try to retrieve.
You have to remember that normally speaking the HOST variable (in this case www.intel.com) and the request URI (in this case /) are not passed as the complete item but rather as two separate items with HOST being a variable tagged onto the main request.
The only time that a server will both to check the HOST variable is if server-side code does so or if the server is living on a virtual IP (in which case HOST determines which site you see)
| 12:10 pm on Nov 12, 2002 (gmt 0)|
Forgive me, but I don't understand what you guys mean. I have a dedicated IP, I think. My site is accessable through my IP. As far as Proxy, I have no idea. I'm still pretty to new to all this. :)
Just to make sure you guys know what I mean, the japanese IP came to my site, and according to my logs, requested www.intel.com and got 200 status. Intel wasn't the referrer, it was requested. The entry didn't log a referrer.
| 4:24 pm on Nov 12, 2002 (gmt 0)|
It looks like somebody testing for an open proxy. Apache will return a "200" even if you don't have an open proxy (which you probably don't), because for that request Apache would have served up YOUR home page. Nothing to worry about. If you're nervous, look again at the logfile entry: it says the content length was 8192 bytes. Does that correspond with the size of your home page? (Intel's home page is 43kb plus images).
That "200" status code for this kind of request made me nervous the first time I saw it in my logs, too!
| 4:44 pm on Nov 12, 2002 (gmt 0)|
Oops, I should have added-- In this context, an "Open Proxy" would be a server that anyone could use as an intermediate in their surfing: users would request outside pages from your server, then your server would request the page from the outside site and forward them back to the user of the proxy. To the person that's running the outside site, it would look like all the requests for pages were coming from your server, instead of the end user. It's a way for people to hide their tracks on the web. If you're working through professional a hosting company, it's exceedingly unlikely that they'd leave an open proxy.
| 9:25 pm on Nov 12, 2002 (gmt 0)|
Thanks! :) Yes, the 8192 bytes is my homepage, can't believe I missed that, sorry. Anyway, it makes a bit more sense now.
I'm not nervous, but I get really suspicious when I see weird entries. I have gotten alot of them lately. Although none 'seem' to be doing any damage or being hoggy, it really irritates me. ;)