Some IP Numbers, Some Just a bunch of Gogelty-Guk

What do you make of this?

         

pendanticist

10:30 pm on Dec 18, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



First, Happy Holidays to you all. :)

I know we're all pretty busy and that our time is short, what with gearing up for the festivities :)

(Bolded as pointers.)

This is the first time I've seen requests without IP Numbers, and I'm kinda curious. They're in chronological order, I think.

No IP Number here - yet it makes for a fairly normal looking AOL Search.

United States?

cache-rm06.proxy.aol.com - - [18/Dec/2002:10:08:25 -0800] "GET /Aboriginal_Tribes-Councils_P-Z.html HTTP/1.0" 200 13301 "http://aolsearch.aol.com/dirsearch.adp?query=Michigan%20Indian%20Reservation&first=86&last=100&next=item&cat=0&layer=0&catstring=11%2e272%2e257%2e10355%2e17893%2e46081%2e812635" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 8.0; Windows 98; H010818; Hotbar 3.0)"

No IP Number - just a GET.

No idea.

cm61-15-248-13.hkcable.com.hk - - [18/Dec/2002:10:25:54 -0800] "GET / HTTP/1.1" 200 20055 "-" "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"

Firewall? <shrug>

United States?

firewall.granbury.k12.tx.us - - [18/Dec/2002:10:31:03 -0800] "GET / HTTP/1.1" 200 20055 "http://www.google.com/search?q=www.msn+home+page.com&hl=en&lr=&ie=ISO-8859-1&safe=vss" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

This one got picked up by my ban on "MFC_Tear_Sample".

No clue.

host217-37-196-137.in-addr.btopenworld.com - - [18/Dec/2002:08:37:15 -0800] "GET / HTTP/1.1" 403 210 "-" "MFC_Tear_Sample"

Same as above, only this time as a grub.

Nope.

host217-39-211-202.in-addr.btopenworld.com - - [18/Dec/2002:10:58:21 -0800] "GET /1SitSub.html HTTP/1.1" 403 222 "-" "Mozilla/4.0 (compatible; grub-client-1.0.5; Crawl your own stuff with [grub[...]

This one seems normal enough except for the term mail.

Huh, uh.

mail.hcps.org - - [18/Dec/2002:11:10:44 -0800] "GET /Education.html HTTP/1.0" 200 8029 "-" "Mozilla/4.77 [en]C-CCK-MCD (Windows NT 5.0; U)"

I'm gettin grubbed today :o

No.

public1-blac2-6-cust95.oldh.broadband.ntl.com - - [18/Dec/2002:09:50:29 -0800] "GET /1Science.html HTTP/1.1" 403 223 "-" "Mozilla/4.0 (compatible; grub-client-1.0.5; Crawl your own stuff with [grub.org)[...]

Seems normalish.

Canada?

toronto-hse-ppp3721440.sympatico.ca - - [18/Dec/2002:09:51:41 -0800] "GET /Aboriginal_Native-Art.html HTTP/1.1" 200 5576

Well, there it is.

I've never seen so many of these new requests.

What do they look like to you? Broken Backbone somewhere? Do they share an association somehow?

I'll try and get back when I can. In the meantime, Thanks to those who contribute :) .

Happy Holidays!
and
Drive responsibly.

Pendanticist.

amoore

11:01 pm on Dec 18, 2002 (gmt 0)

10+ Year Member



It appears to me that you have your webserver set to resolve reverse DNS entries for the addresses from which the requests are coming. Just like domain names can get resolved to IP addresses through DNS, IP addresses can be resolved back into domain names by referring to DNS entries. Your webserver is set to do that in your logs.

One benefit is that you can more easily see who (generally) is hitting your site. For instance, you can see which ISPs they are using or what company they are coming from.

One downside is that it takes a little bit of time and resources to do the resolution and your webserver must do it in realtime, so it may make your webserver a little slower.

Hope it helps.

-Andy

pendanticist

12:48 am on Dec 19, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi Andy,

It appears to me that you have your webserver set to resolve reverse DNS entries for the addresses from which the requests are coming. Just like domain names can get resolved to IP addresses through DNS, IP addresses can be resolved back into domain names by referring to DNS entries. Your webserver is set to do that in your logs.

One benefit is that you can more easily see who (generally) is hitting your site. For instance, you can see which ISPs they are using or what company they are coming from.

Ok. How does that relate to (for the lack of a better term) IP Number standards? By that I mean, I can paste an IP Number into Sam Spade and get results. I can also paste the referrer string into IE5.5 and away I go. That's how I sometimes check my serps. :)

None of the other services that you can trace with crunch this anymore and Sam Spade is completely foiled. <shrug>

One downside is that it takes a little bit of time and resources to do the resolution and your webserver must do it in realtime, so it may make your webserver a little slower.

  • Aside from the normal (-800) part of the time stamp, my access_log files always had about a five hour difference between local time and stamped time.

  • My requests are on the rise.

  • Six or seven months ago they added new folders on the Remote Site when using WS_FTP. Remembering back, I can't recall what domain support told me, but I don't recall feeling as though it warranted my attention at the time.

  • My host server has said nothing of any imminent changes. So, I don't think it has much to do with that.

    Hope it helps.
    Andy

    Well, you gave me more to think about, for sure :o Thanks for explaining it for me. I always did like to learn something new everyday.

    The bottom line then would be traffic load?

    One last thing - Do you see nothing malicious here, or is this normal? Sorry to reask the question. It's only that I've never seen them before.

    Thanks again. :)

    Pendanticist.

    jdMorgan

    1:51 am on Dec 19, 2002 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member



    pendanticist,

    Nothing malicious. This is controlled by your server settings, not by the requestor. You may be able to get it changed by asking your hosting service.

    My host used to do reverse DNS like this and it made tracking down site abusers more difficult, since I'd get the domain name instead of an IP address. If the domain was big, like AOL for example, then there was just no telling who had hit the site. Because my traffic is up, my host recently turned off the reverse DNS, and I now find it harder to "track users" in the raw logs. But having the precise IP address is more useful in the long run.

    Jim

    pendanticist

    2:06 am on Dec 19, 2002 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member



    Thanks ever so much, Jim. I'm on the phone with them now.

    Pendanticist.

    pendanticist

    9:49 am on Dec 19, 2002 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member



    <long drawn out sigh>

    Thanks ever so much, Jim. I'm on the phone with them now.

    Well, so much for outsourcing to India and language barriers.

    The tech I got sounded three levels below that of the guy in that funny robot movie some years back. You know, where the robot that traversed on two tracks learns to equate "Death" to "Disassemble!" I'm not recalling too well this morning. Sleep deprivation, 'ya know. :(

    First, it took me fifteen minutes to explain the situation and that was restricting my comments to:

    "No IP Numbers, Why?"

    "I must have IP Numbers."

    "No DNS, Must have IP Numbers."

    Then, she put me on hold, for a while. Oddest elevator music you ever heard too.

    When she came back, she had me going into my "Run" box off the 'Start Menu' and typing in 'CMD'. When it opened, she was wanting me to type in something that sounded very much like "ping.something" or other. However, with the language barrier and needing to finish my Internship paper, there was no way I was going to delve any further at that time if I want to graduate Saturday.

    Hell, what possible fix to my situation could/would running CMD be? I'm thinking that's a Command Line Function, right?

    If it hasn't become evidently clear to some of you, there is a great deal of this that I know nothing of. I'm self-taught, not formally educated.

    Admittedly, there are some major holes in my knowledge base. I know that. Hell, I started my domain on a WebTV Internet Terminal back in '95 and didn't even have a PC until '97. Juggling that with school has left much room for improvement.

    My domain is a portal/directory that has enjoyed a PR 6 for a loooong time. Maintaining those rankings and the serps too, depends on IP Numbers to keep the link rot to a minimum as well as banning various and sundry pests.

    I have intentions of updating in the near future by adding some 5,000 additional annotated sites to that directory (bringing the total links out to near 10,000) and without IP Numbers or an entire new learning curve, that is impossible.

    Maybe I'll try getting back to them Sunday, or something. In the mean time, I just fired off a one line e-mail message.

    Subject Header: "Where are my IP Numbers"

    Body of message: "I must have my IP Numbers back in my access_log files." "Please fix it so they are back."

    Thanks again all. :)

    Pendanticist.

    jdMorgan

    3:34 pm on Dec 19, 2002 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member



    pendanticist,

    For reference when you call them back, see the Apache mod_log_config documentation [httpd.apache.org].

    It sounds as if they have changed the LogFormat configuration on your server. The initial parameter used to be %a and is now %h.
    %a specifies that the REMOTE_ADDRESS should be displayed in the log, while %h specifies that the REMOTE_HOST name should be displayed.

    Jim

    JayC

    6:40 pm on Dec 19, 2002 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member



    The initial parameter used to be %a and is now %h.

    Actually, it sounds like the setting of the HostnameLookups directive has been changed:

    [httpd.apache.org...]

    If that's the way they want it to be the default on the server, see if you can get them to change it for you by setting the directive within the <VirtualHost> containers for your site.

    jdMorgan

    6:50 pm on Dec 19, 2002 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member



    JayC,
    Thanks - I thought I'd seen a reference to reverse DNS somewhere else in the docs, but couldn't remember.

    pendanticist,
    The good news about HostnameLookups is that it can be set on a per-directory basis, which means you can ask your host to turn it off for your account only if they have some reason they want to have it on by default for other accounts.

    Jim
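Added example (not part of any poster's message, and not code from Apache or the hosting provider): a Python check for the condition this thread describes, reading the first field of each access-log line and reporting whether it holds an IP literal or a reverse-resolved name. The sample is constructed from three log lines quoted in the first post plus one made-up entry using the documentation address 192.0.2.44; `client_kind` and `audit` are names chosen here.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log line: host ident user [time] "request" status bytes
# optionally followed by "referer" "user-agent".
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Constructed sample: three lines quoted in the thread, one made-up line with
# an address from the documentation range 192.0.2.0/24.
SAMPLE_LOG = """\
cm61-15-248-13.hkcable.com.hk - - [18/Dec/2002:10:25:54 -0800] "GET / HTTP/1.1" 200 20055 "-" "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"
host217-37-196-137.in-addr.btopenworld.com - - [18/Dec/2002:08:37:15 -0800] "GET / HTTP/1.1" 403 210 "-" "MFC_Tear_Sample"
mail.hcps.org - - [18/Dec/2002:11:10:44 -0800] "GET /Education.html HTTP/1.0" 200 8029 "-" "Mozilla/4.77 [en]C-CCK-MCD (Windows NT 5.0; U)"
192.0.2.44 - - [18/Dec/2002:11:12:01 -0800] "GET / HTTP/1.1" 200 20055 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
"""


def client_kind(host):
    """Classify the first log field: 'ip' for an address literal, else 'hostname'."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "hostname"


def audit(log_text):
    """Summarise how many entries carry a name instead of an address."""
    entries = [m.groupdict() for m in map(LOG_RE.match, log_text.splitlines()) if m]
    kinds = Counter(client_kind(e["host"]) for e in entries)
    # Denied (403) requests known only by name: the name may cover a whole
    # ISP or proxy pool, so there is no single address to trace or block.
    denied = [(e["host"], e["agent"]) for e in entries
              if e["status"] == "403" and client_kind(e["host"]) == "hostname"]
    return {
        "total": len(entries),
        "kinds": dict(kinds),
        "resolved_share": kinds["hostname"] / len(entries) if entries else 0.0,
        "denied_without_ip": denied,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-zero `resolved_share` means client addresses were being resolved to names before they were written to the log.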

    pendanticist

    3:42 am on Dec 20, 2002 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member



    Greetings,

    Actually, it sounds like the setting of the HostnameLookups directive has been changed:
    [httpd.apache.org...]

    <snip>

    pendanticist,
    The good news about HostnameLookups is that it can be set on a per-directory basis, which means you can ask your host to turn it off for your account only if they have some reason they want to have it on by default for other accounts.

    So that's what they call it, HostnameLookups not DNS, like I was saying. That might be a good reason for the confusion last night too. I was telling them one thing and using the verbiage of something else. <duh!>

    Anyway, that's great information. Thanks JayC and Jim.

    Now, when I call them Sunday or Monday, I have something to give them. Keep your fingers crossed.

    Thanks again guys.

    Pendanticist.

    JayC

    6:12 am on Dec 20, 2002 (gmt 0)

    WebmasterWorld Senior Member 10+ Year Member



    You're welcome, and good luck! :)