| 9:09 pm on Oct 31, 2013 (gmt 0)|
405: that's not what your logs show.
301 line is a redirect.
404 is a not found error.
Your error_log probably has a bit more info than your access_log.
Now "Mangoway" smells like a bot unless your log isn't showing there the browser string...
| 9:39 pm on Oct 31, 2013 (gmt 0)|
Oops...the 405 error was something else. So maybe I have 2 issues.
Sorry - I'm drowning in raw logs. The 405 doesn't give ANY further information. Just this:
[Thu Oct 31 16:57:32 2013] [error] [client 18.104.22.168] File does not exist: /home/myusername/public_html/405.shtml
[Thu Oct 31 16:57:28 2013] [error] [client 22.214.171.124] File does not exist: /home/myusername/public_html/405.shtml
I blocked the IP with the 405 error and also blocked "Mangoway" as a user agent in my .htaccess file. I hope that works because there are a gazillion IP addresses being used - not a normal browser string. Very strange that something redirects to my site to a page not found about 3 times per minute. ?
| 12:43 am on Nov 1, 2013 (gmt 0)|
Why is it a 405 in the first place? I had to go look it up: Method Not Allowed. But here it sounds more as if you simply don't like the visitor's face. So why not a basic 403?
File does not exist: /home/myusername/public_html/405.shtml
Frankly this worries me more. Why is the server looking for 405.shtml? It's got nothing to do with the 405 as such. The error message implies that somewhere else you've said
ErrorDocument 405 /405.shtml
and then when the server encounters a 405 error and goes looking for the document "405.shtml" it can't find it.
For starters, check your typing. I noticed this post is in the AdSense forum and the subject line says "indix.html". OK, so there's nothing wrong with telling the server that this is how you choose to spell it-- but it's unusual enough that I have to wonder about typos along the way.
| 3:16 am on Nov 1, 2013 (gmt 0)|
I have nothing in my .htaccess file that issues a 405 error. I had to look that up too. I'll check with my server people to see where/why the server is issuing that directive.
As far as the indix.html - none of MY pages are called indix.html - so my guess is that Mangoway is calling example.com/indix.html and my server redirects it to www.example.com/indix.html and issues a 404. There's no referrer.
This post is in the adsense forum because I'm trying to find something that resembles invalid click activity and I found both these things odd.
| 7:41 am on Nov 1, 2013 (gmt 0)|
|As far as the indix.html - none of MY pages are called indix.html - so my guess is that Mangoway is calling example.com/indix.html and my server redirects it to www.example.com/indix.html and issues a 404. There's no referrer. |
Whoops! I completely misread the original post. So it's their typo, not yours.
Do you have any ErrorDocument directives of your own? The happiest solution at this point would be discovering that the last time the host tweaked the software, they mistyped "405" instead of "404". Then everyone on the server would be getting this mistake! But an ErrorDocument statement in your own htaccess overrides a server-wide one. So you can simply put in a line of your own and see if the whole "405.shtml" issue goes away.
Your unwelcome visitor would be hard pressed to click on anything if they're not even arriving on a page :)
Is the offending IP blocked? The most recent logs should then show 403 instead of 404. There may or may not still be a preceding 301, depending on whether the domain-name redirect originates in the config file or in htaccess.
| 2:08 pm on Nov 1, 2013 (gmt 0)|
Sounds like she's getting them on multiple IP numbers. I've never seen that particular string, and I did some searches and didn't find anything either, so you got me. You could try adding it to your robots.txt to see if that blocks it (but of course, badly behaved bots behave badly, and won't necessarily obey robots.txt)
| 9:16 pm on Nov 1, 2013 (gmt 0)|
|I've never seen that particular string |
I also didn't recognize any of the IPs. Cursory lookup turns up assorted apparently human ranges: I get two Sprint/Embarq, one Verizon Online and a (maybe) Hawaiian Telcom. ymmv. Compromised machines?
A flat block on the UA string can't do any harm.
Now, technically you don't need to do anything at all: they're asking for a nonexistent page, so the most they'll ever get is a 404. A 403 might save a teeny tiny bit of server resources (because it never has to go look for the file). But in this case it's more about emotional satisfaction.