homepage Welcome to WebmasterWorld Guest from 54.227.40.166
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

    
hypersphere-2010.png requests?
Anyone know why random requests for hypersphere-2010.png are in my logs?
chipa




msg:4312901
 4:58 am on May 16, 2011 (gmt 0)

I'm not sure how long it's been going on but we are getting somewhat random requests for /images/hypersphere-2010.png showing up in our error logs. We've never had such a file on our site. Google-ing it hasn't revealed much except that it appears in a small number of other website log files also. We cannot duplicate the requests when we test things ourselves. The logs show a rate of about 10 requests per hour (average) from a wide number of IP addresses and various user agents. Here's a sample from the past couple of days (in order of popularity):

1Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.165022.831050
2Mozilla/5.0 (Windows NT 6.0) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.244319.634703
3Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.162611.872146
4Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16188.219178
5Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.32 (KHTML, like Gecko) Chrome/13.0.748.0 Safari/534.32188.219178
6Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16156.849315
7Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.35 (KHTML, like Gecko) Chrome/13.0.761.0 Safari/534.35156.849315
8Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16104.566210
9Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.2462.739726
10Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.1652.283105
11Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.1652.283105
12Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.57 Safari/534.2452.283105
13Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.120.913242
14Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.2410.456621

Clearly Chrome seems to be a common thread. (There is one non-Chrome Safari in there however, #13). Unclear why that would matter though.

When there is a referrer entry in the logs, it shows that the request is coming from one of our own webpages but there is no discernible pattern to those pages. We've looked into the possibility that it was coming from an advertising script, but many of the referring pages don't have ads on them which shoots a hole in that theory.

Anyone know anything about this file? Anyone else seeing similar log entries?

Thanks in advance!
- Chip

 

bj61251




msg:4320440
 12:22 pm on Jun 1, 2011 (gmt 0)

I am having the exact same issue, exact same symptoms, and haven't been able to discern and reason behind it, either :-/

aristotle




msg:4322342
 1:13 am on Jun 6, 2011 (gmt 0)

Are they coming from iPads? Could they be looking for some kind of favicon?

Samizdata




msg:4322353
 1:58 am on Jun 6, 2011 (gmt 0)

Are they coming from iPads?

The user-agents listed above are Windows XP, Vista and 7, plus Mac Snow Leopard.

Chrome seems to be a common thread

As you almost pointed out, the common factor appears to be the WebKit engine.

I haven't seen this garbage myself, but found the following SERPs amusing:

* Shop for Hypersphere 2010.png online - Read Reviews, Compare
* pictures of hypersphere-2010.png
* Buy hypersphere 2010 png items and find other similar products

Search engines should ban sites like those IMHO.

...

SteveWh




msg:4322435
 11:17 am on Jun 6, 2011 (gmt 0)

When researching something like this, always remember that anyone or any botnet can send requests to your server for any filename they can think of or invent and using any referer and any user-agent string they want you to see or that they want to experiment with. None of the web page names, referers, or UA's necessarily have any basis in reality.

When any robot sends a referer string, it's probably fake anyway - robots do direct requests. And when robots send user-agent strings that look like browsers, those are fake, too.

Looking up some of the IP addresses might help throw some light on it. Are they webhosting companies, for example, which would suggest a network of possibly hacked websites. Or if they are consumer broadband companies, it could be a network of zombie (hacked) PCs.

michvhf




msg:4328864
 5:27 pm on Jun 21, 2011 (gmt 0)

It's caused by the plugin/extension/whateveryouwannacallit Hyperwords which is available for Safari, Chrome and Firefox. That's why there doesn't appear to correlate to a particular browser. This has taken me a few weeks to find (and I just did) and I put in a trouble ticket with them and they've gotten back to me already for more info.

chipa




msg:4328938
 8:01 pm on Jun 21, 2011 (gmt 0)

Thanks for tracking that down!

phranque




msg:4329042
 10:38 pm on Jun 21, 2011 (gmt 0)

welcome to WebmasterWorld, michvhf!
and thanks for that information.

and a belated round of welcomes go to both of our recently recovered lurkers, chipa and bj61251.
=8)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved