Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

/sumthin Solved.

/sumthin requests in logs



8:04 am on Jul 18, 2003 (gmt 0)

Inactive Member
Account Expired


There are quiet a few posts on here asking about "/sumthin" requests showing up in their logs.

A request would look similar to this:

123.456.789.10 - - [02/July/2003:01:50:50 -0600] "GET /sumthin HTTP/1.0" 404

I usually get one or two emails a week asking about what these request do and what causes it...

The purpose of the request is to request a file which does not exist on your web server to see a 404 error page. A 404 error page usually contains information about the software running on the server.

You can test this out on your own web site:
1. Telnet into your site over port 80
(telnet example.com 80)
2. Type GET /sumthin HTTP/1.0 and press Enter twice.

In the result you might see a line similar to:

Server: Apache/1.3.27 (Unix) DAV/1.0.3 mod_bwlimited/1.0 PHP/4.3.1 mod_log_bytes/1.2 FrontPage/ mod_ssl/2.8.14 OpenSSL/0.9.6b

There are two known causes of this. Both are trojans/worms which are installed on compromised servers and used to automatically scan other machines. They are named:

1. httpver.c
2. ATD OpenSSL Mass Exploiter

If you receive any /sumthin requests in your apache log, it is possibly the originating IP is infected with one of those.

[edited by: littleman at 4:24 pm (utc) on July 18, 2003]
[edit reason] no sigs please [/edit]


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members