Cracker at large


grandpa

12:50 am on Dec 29, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



This guy has been steadily filling my logs for 2 days with his attempts to crack cgi, exe, and a host of other files.
I have thousands of requests from this address.

The IP is 62.65.***.** and appears to be in Estonia.

Anyone else see this guy?

I have a question. I blocked his access after the first day, adding the address to my htaccess. It's working in that any "valid" file request is denied. My question is, since he/she is denied, why is the server even logging all the errors (invalid file name attempts)? It would seem to me that a block is a block, and he/she would not even be logged in my errors.

Thanks
grandpa

[edited by: heini at 12:11 pm (utc) on Jan. 18, 2004]
[edit reason] please don't use complete IPs / thanks [/edit]

mack

1:00 am on Dec 29, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Your server will still log any attempt to access your files. Even if the server does not return anything, the hit is still valid.

Mack.

grandpa

1:05 am on Dec 29, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I kinda figured that....

I'm not real happy with my server log situation anyway. It's been almost a week since I could access the raw logs and then I find this junk. Oh well.....

mack

2:18 am on Dec 29, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



At least you know they aren't getting in any more, although things like this do have a habit of messing up our logs.

Mack.

thehittmann

4:41 pm on Dec 29, 2003 (gmt 0)

10+ Year Member



I went to that IP that you posted and the page has no links. It is completely red with black text that reads:

"Ever you wanna get some magic - just find me..."

Couldn't see anything weird about the source code; put the IP into your browser and have a look.

I looked again and it said something different, so I guess it's some sort of random text thing.

grandpa

6:05 am on Dec 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Hmmm, I never considered trying the address in my browser. I guess there's a lot I still don't even know to consider. Yep, the site has a different message for every visit. Wanna bet I get a few hits on my firewall from him in the next few days?

I guess I might have been right about his location... no one has told me I'm blocking an AOL yet :)

DaveTodd

11:17 am on Jan 2, 2004 (gmt 0)



I also have encountered this guy. Hit us on Monday 29th Dec at 3am.

He appears to have requested the following file types:
/ (no extension)
.asp, .jpg, .html, .dll, .php, .exe, .mdb, .cgi, .php3, .pl, .jsp, .htm, .snp, .txt, .cfm, .ini, .sh, .dat, .sys, .cfml, .tcl, .shtm, .shtml, .inc, .xsql, .class, .gif, .php4, .idx, .xtp

This is a pretty thorough list. These have been taken from files he DIDN'T manage to get, who knows what he did access! We've emailed our host, and they said it may be a Search Engine that couldn't find our robots.txt file, but we have one, located in the correct place, so this to me seems very unlikely.

Has anyone else been hit by him? Can anyone shed any more information on him? He appears to be using a Broadband connection as there are several errors reported every second while he is filling our error log with random things.

Any more help is much appreciated.

[edited by: oilman at 8:39 pm (utc) on Jan. 2, 2004]
[edit reason] fixed side scroll [/edit]

edwinsmith

6:50 am on Jan 18, 2004 (gmt 0)



My site was visited by this IP as well. I tracked it down to a site called Starman.ee. I'm unable to read the language and I can't find any English to Russian translators on the web (I think it's Russian). Alexa.com listed Starman@starman.ee as the contact for the site. It seems to be some sort of telemedia site, but it's hard to understand the random text page in that light unless it's a site similar to geocities or something like that.

Have there been any return visits to your sites?

thehittmann

9:30 am on Jan 18, 2004 (gmt 0)

10+ Year Member



It's probably just another email harvester.

killroy

11:42 am on Jan 18, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Configure Apache to set an env var for every access you don't want to log, like nolog=1 or so. Then when you log, simply exclude all accesses with this var set. Works fine for me. I use it to exclude lame hacking attempts as well as accesses to images and other things I'm not interested in. Keeps my logs nice and lean.

SN
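The Apache setup killroy describes, written out as an added example that is not from the thread: SetEnvIf flags the requests to skip, and a conditional CustomLog writes only the unflagged hits. It assumes mod_setenvif and mod_log_config are loaded; the variable name nolog, the file-type patterns (taken from DaveTodd's list) and the address are assumptions, and the address is a placeholder.

```apache
# Added example, not from the thread. Assumes Apache httpd with
# mod_setenvif and mod_log_config loaded; names and patterns are illustrative.

# Flag static assets that only add noise to the access log
SetEnvIf Request_URI "\.(gif|jpe?g|png|css|js)$" nolog=1

# Flag probes for file types this site never serves (constructed from
# the extension list posted above; adjust to what your site actually uses)
SetEnvIf Request_URI "\.(asp|dll|exe|mdb|php3|cfm|jsp|cgi|pl)$" nolog=1

# Flag everything from the already blocked address
# (192.0.2.10 is a documentation placeholder, substitute the real one)
SetEnvIf Remote_Addr "^192\.0\.2\.10$" nolog=1

# Main access log: only requests that did not get the flag
CustomLog logs/access_log combined env=!nolog

# Keep the flagged traffic in its own file rather than discarding it,
# so the scanning activity can still be reviewed
CustomLog logs/noise_log combined env=nolog
```

The env= condition applies only to CustomLog, so the 404 entries grandpa asked about still land in the ErrorLog; the separate noise_log keeps the flagged requests reviewable instead of losing them.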