homepage Welcome to WebmasterWorld Guest from 54.205.189.156
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
Forum Library, Charter, Moderators: Receptional & mademetop

Website Analytics - Tracking and Logging Forum

    
Repeated "GET http://www.yahoo.com/ HTTP/1.1" in my logs.
Same IP keeps pestering me once a day for this, what does it even do?
ses4j




msg:901031
 9:13 am on Nov 4, 2003 (gmt 0)

I was looking through my logs and found a repeat visitor from 64.222.186.235, who did this 15 times in October (here are two of them):

64.222.186.235 - - [07/Oct/2003:05:21:32 -0400] "GET [yahoo.com...] HTTP/1.1" 200 11446 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

64.222.186.235 - - [08/Oct/2003:16:24:45 -0400] "GET [yahoo.com...] HTTP/1.1" 200 11446 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"

What does "GET [yahoo.com...] even do? I don't have a link to yahoo on my page anywhere. Also this is the only thing that IP has done, just scattered one-liners about yahoo. Any thoughts? It's very similar to the still-persistent bugger mentioned in the [webmasterworld.com...] thread.

Scott

 

BlueSky




msg:901032
 9:28 am on Nov 4, 2003 (gmt 0)

What does "GET [yahoo.com...] even do?

It retrieves Yahoo's homepage. The 200 says it was successful.

Does that IP belong to your host? Just a guess -- maybe the script doing this is on your server or someone outside is using your server to run scripts?

nancyb




msg:901033
 5:28 pm on Nov 4, 2003 (gmt 0)

just checked and I'm getting one of these almost every day since late Sept. Just one hit a day, always a 200 and always from 64.222.xxx.xx or 64.223.xxx.xx ip range. IPs resolve to verizon.net

BlueSky can you explain a little more what this could be. I run no scrips on my site so now I'm curious. Thanks,

bakedjake




msg:901034
 5:29 pm on Nov 4, 2003 (gmt 0)

You have an open proxy. Are you on apache, and running mod_proxy? Make sure you restrict mod_proxy access by IP in your httpd.conf file, or turn it off if you don't need it.

An open proxy can be a very bad thing.

nancyb




msg:901035
 6:10 pm on Nov 4, 2003 (gmt 0)

panicked for a minute .... just re-checked though and all proxy directives are commented out in httpd.conf.

any other reason for getting these hits?

bakedjake




msg:901036
 6:13 pm on Nov 4, 2003 (gmt 0)

n- that's really bizarre.

Can you telnet to port 80 on your webserver, and issue the command:

GET http*//www.yahoo.com/

And see what it returns? (Replace the star with colon - darn autolinking.)

nancyb




msg:901037
 6:37 pm on Nov 4, 2003 (gmt 0)

ah geeze bakedjake, you had to go and ask me to do something that shows how little I know ;) :(.

I've never telenetted (?), don't know how. Can I check this some other way?

bakedjake




msg:901038
 7:17 pm on Nov 4, 2003 (gmt 0)

n- since you don't have an open proxy, I'd be willing to bet that your server is just returning your homepage when yahoo is requested.

You can be sure of this, if you'd like, by writing a script that calls your machine and requests yahoo.

Something /is/ being returned, hence the 200, though.

jdMorgan and wkitty42 attack a similar issue here: [webmasterworld.com...]

nancyb




msg:901039
 7:59 pm on Nov 4, 2003 (gmt 0)

checked out that thread but it is way over my head. :o You are right that it is returning my home page as the bytes sent match.

thought I could go off and do some real work today but you've alerted me to something else I need to go learn. Some days I feel like my computer illiterate friend who tells me repeatedly that this "net stuff" and computers are never going to last.

Sometimes .... on days like this, I wish he was right ;)

ses4j




msg:901040
 8:13 pm on Nov 4, 2003 (gmt 0)

Thanks, bakedjake, for that thread reference. So apparently they're just Chinese open-proxy checks, and do not necessarily indicate that you HAVE an open proxy. I plan to just ignore it.

And here's hoping the Chinese totalitarianism falls and they'll be free to surf all the pr0n and political forums they want. :)

Scott

bakedjake




msg:901041
 8:14 pm on Nov 4, 2003 (gmt 0)

Careful there ses4j - political comments are generally frowned upon here.

BlueSky




msg:901042
 8:37 pm on Nov 4, 2003 (gmt 0)

So apparently they're just Chinese open-proxy checks, and do not necessarily indicate that you HAVE an open proxy.

The IP you posted is not from China whereas the one in the other post is. Chinese are not the only ones who look for open proxies.

ses4j




msg:901043
 8:51 pm on Nov 4, 2003 (gmt 0)

hehe, okay, okay... sorry about that, and no offense to the non-Chinese open-proxy hunters, I didn't mean to make you feel left out. The important thing for me is that it's just someone looking for an open proxy and not finding one here, and nothing more serious. Thanks everyone!

Scott

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved