Odd requests in server logs

looks like a random string of characters

         

brakthepoet

10:58 pm on Apr 4, 2003 (gmt 0)

10+ Year Member



I'm used to the Formail and /sumthin requests showing up in my logs, but this one really blows me away. Only noticed it since they got a 404 response. Any ideas what they may be related to?

63.200.69.107 - - [02/Apr/2003:20:22:27 -0600]
"GET /&y=02B8E5425B625549&i=41&c=1031&q=02%5ESSHPM%5BL7hz%7Dr~lkzm%3Fhz%7Dr~lkzm_%3Fzr~vs6&e=utf8&r=749&d=www-en-us&n=88G45H3VLQ53TERR&s=286&t=&m=3E8B94A5&x=0111CA023A4772F6HTTP/1.1"
404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

63.200.69.107 - - [02/Apr/2003:20:24:20 -0600]
"GET /&y=02B8E5425B625549&i=41&c=1031&q=02%5ESSHPM%5BL7hz%7Dr~lkzm%3Fhz%7Dr~lkzm_%3Fzr~vs6&e=utf8&r=749&d=www-en-us&n=88GK5H09MA53SQRJ&s=346&t=&m=3E8B94AA&x=01FDCE9A05022F37 HTTP/1.1"
404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)

And this afternoon this one shows up:

141.154.89.18 - - [04/Apr/2003:12:40:12 -0600]
"GET /&y=028D3EA85719336A&i=41&c=1031&q=02%5EQFHPM%5BL7Xzqzm~s%3F%5EQ%5B%3FZsz%7Ckmv%7C%3F%5EQ%5B%3FYpp%7B%3F%5EQ%5B%3FOmp%7Czllpm6&e=utf8&r=11&d=www-en-us&n=890K5H54AI6JSM29&s=345&t=&m=3E8DD080&x=01A4274D14F17A47 HTTP/1.0"
404 1254 "http://search6.vivisimo.com/search?query=General%20Electric%20Food%20Processor&v%3asources=AltaVista%2cMSN%2cNetscape%2cLycos%2cLooksmart%2cFindWhat&x=32&y=13&ip_addr=141.154.89.18&v%3aoption%3arender.base_url=http%3a%2f%2fvivisimo.com%2fvivisimo&v%3aframe=tree&v%3afile=viv_46650283c1220845cdf7d3e369f294c9&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

Any ideas? Is it just a poor job of a search engine sending traffic, or something more sinister?

jdMorgan

11:43 pm on Apr 4, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



brakthepoet,

Pretty weird... That last one is the Vivisimo search engine, and you can get the search string out of the referer. Then go to Vivisimo, use that search string, and click through to your own site in the results list. Then check your logs to see what a normal request should look like.

The first two are requesting "/" (your home page) and then appending all that junk as a query string for a script. Back-tracking that IP address on ARIN leads to a company that you would not expect to be real deep into hacking...

Jim
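The two checks discussed above (pulling the search string out of the referer, and spotting requests where `&name=value` pairs appear in the path with no `?`), as an added example that is not part of the original thread. The sample lines are constructed, with documentation IP addresses and a placeholder search host, and the `q` referer key is an assumption alongside the `query` key seen in the thread.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache combined log format, one entry per line.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Assumption: the referring engine carries the search terms in one of these keys.
SEARCH_KEYS = ("query", "q")

def analyse(line):
    """Return a dict for one log line, or None if it is not in combined format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    target = urlsplit(m.group("target"))
    # "&name=value" inside the path with no "?" means the parameters were
    # glued onto the URL instead of being sent as a query string.
    orphaned = target.query == "" and re.search(r"&[^=&/]+=", target.path) is not None
    referer = m.group("referer")
    ref_params = parse_qs(urlsplit(referer).query) if referer != "-" else {}
    search = next((ref_params[k][0] for k in SEARCH_KEYS if k in ref_params), None)
    return {
        "host": m.group("host"),
        "status": int(m.group("status")),
        "orphaned_params": orphaned,
        "param_names": re.findall(r"&([^=&/]+)=", target.path) if orphaned else [],
        "referer_search": search,
    }

def flagged(lines):
    """Entries worth a look: parameters in the path, answered with a 404."""
    results = [analyse(line) for line in lines]
    return [r for r in results if r and r["orphaned_params"] and r["status"] == 404]

# Constructed sample lines modelled on the entries in the thread (values shortened).
SAMPLE = [
    '192.0.2.10 - - [02/Apr/2003:20:22:27 -0600] "GET /&y=02B8&i=41&q=02%5ESS&e=utf8 HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"',
    '192.0.2.20 - - [04/Apr/2003:12:40:12 -0600] "GET /&y=028D&i=41&e=utf8 HTTP/1.0" 404 1254 "http://search.example/search?query=General%20Electric%20Food%20Processor&x=32&y=13" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
    '192.0.2.30 - - [04/Apr/2003:12:41:00 -0600] "GET /index.html?lang=en&x=1 HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
]

if __name__ == "__main__":
    for entry in flagged(SAMPLE):
        print(entry["host"], entry["param_names"], entry["referer_search"])
```
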

brakthepoet

12:30 am on Apr 6, 2003 (gmt 0)

10+ Year Member



jdMorgan,
Thanks for the assist. Guess I'll just have to stay on the lookout for any more of this and try to take care of it from there. And I know when one of our resident experts says "pretty weird," it must be pretty weird.

killroy

12:44 am on Apr 6, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Usually when I get stuff like this it's either the standard series of broadcast vulnerability searches (that simply don't apply to my Apache server :).
Other strange strings include aborted logs, where the log file was slightly corrupted for some reason.
And last I had occasions where error messages from the scripting environment leaked into the log.

But I've also gotten strange strings (like an appended "&langauge=en") that I simply have no idea where they come from.