
Search Engine Spider and User Agent Identification Forum

    
/sumthin Solved.
/sumthin requests in logs
noameppel

Msg#: 2100 posted 8:04 am on Jul 18, 2003 (gmt 0)

There are quite a few posts on here asking about "/sumthin" requests showing up in their logs.

A request would look similar to this:

123.456.789.10 - - [02/July/2003:01:50:50 -0600] "GET /sumthin HTTP/1.0" 404

I usually get one or two emails a week asking what these requests do and what causes them...

The purpose of the request is to request a file which does not exist on your web server to see a 404 error page. A 404 error page usually contains information about the software running on the server.

You can test this out on your own web site:
1. Telnet into your site over port 80
(telnet example.com 80)
2. Type GET /sumthin HTTP/1.0 and press Enter twice.

In the result you might see a line similar to:

Server: Apache/1.3.27 (Unix) DAV/1.0.3 mod_bwlimited/1.0 PHP/4.3.1 mod_log_bytes/1.2 FrontPage/5.0.2.2510 mod_ssl/2.8.14 OpenSSL/0.9.6b

There are two known causes of this. Both are trojans/worms which are installed on compromised servers and used to automatically scan other machines. They are named:

1. httpver.c
2. ATD OpenSSL Mass Exploiter

If you receive any /sumthin requests in your Apache log, it is possible the originating IP is infected with one of those.

[edited by: littleman at 4:24 pm (utc) on July 18, 2003]
[edit reason] no sigs please [/edit]
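
A defender-side way to find these probes in an access log, as an added example that is not part of the original post: it parses Apache common/combined log lines and groups requests for the `/sumthin` path by source address. The function name, the regular expression, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined log prefix: host ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3})'
)
PROBE_PATH = "/sumthin"  # the path named in the post


def find_probes(lines, probe_path=PROBE_PATH):
    """Return {source_host: [(time, status), ...]} for requests to probe_path."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        parts = m.group("request").split()
        if len(parts) < 2:
            continue  # empty or malformed request line
        # Compare the path only: "/sumthin?x=1" matches, "/sumthing-else" does not
        path = parts[1].split("?", 1)[0]
        if path == probe_path:
            hits[m.group("host")].append((m.group("time"), int(m.group("status"))))
    return dict(hits)


# Constructed sample log lines (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Jul/2003:01:50:50 -0600] "GET /sumthin HTTP/1.0" 404 278',
    '198.51.100.7 - - [02/Jul/2003:01:51:02 -0600] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [02/Jul/2003:01:50:52 -0600] "GET / HTTP/1.0" 200 5120',
    '203.0.113.45 - - [03/Jul/2003:14:02:11 -0600] "GET /sumthin HTTP/1.0" 404 278',
    '198.51.100.7 - - [03/Jul/2003:14:05:40 -0600] "GET /sumthing-else.html HTTP/1.1" 404 301',
    '203.0.113.45 - - [04/Jul/2003:09:12:30 -0600] "GET /sumthin HTTP/1.0" 404 278',
    '- malformed line -',
]

if __name__ == "__main__":
    for host, events in sorted(find_probes(SAMPLE_LOG).items()):
        print(f"{host}: {len(events)} probe(s), first seen {events[0][0]}")
```

To run it against a real log, pass an open file object to `find_probes` in place of `SAMPLE_LOG`.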

 

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.