Weird Log Entries

weird GET requests

         

patchwork

1:41 am on Aug 14, 2001 (gmt 0)




Does anybody know what could cause log entries like this?

65.7.80.144 - - [02/Aug/2001:00:00:03 -0400] "GET /?did=150&ver=1.51&duid=elybdrqmehqdaiyxoqdppsimaeuqw HTTP/1.1" 200 0 "-" "-"

Whatever causes these entries has been hitting my site over 100,000 times per day for the last 10 days.

I analyzed 4 days' worth of logs (492,000 requests) and the requests came from 5,960 unique IP addresses.

All the lines are basically the same: the number after did= is always between 148 and 151, the string after duid= seems to be random, and the referring URL and the User-agent fields are always blank.

Does anybody know anything about these requests?

Thanks
Pete Kelly

littleman

6:45 am on Aug 14, 2001 (gmt 0)



Wow, I really have no idea. It looks to me that this is some type of tracking software that is wrongly throwing its ID on the outgoing URLs, but those numbers are amazingly high. Are all the IPs coming out of at-home cable?

patchwork

7:14 am on Aug 14, 2001 (gmt 0)




>>Are all the IPs coming out of at-home cable?<<

No, the IPs come from 5,706 ISPs. I generated 2 reports from the logs.

IP & Hits Report (380Kb)
[trafficg.com...]

Host Lookup Report (153Kb)
[trafficg.com...]

Pete Kelly

Josk

7:51 am on Aug 14, 2001 (gmt 0)




It *could* be Code Red. I had lots of strange URLs being requested, and then I figured out it was Code Red.

patchwork

8:02 am on Aug 14, 2001 (gmt 0)



This is what a code red entry looks like.

24.202.48.73 - - [01/Aug/2001:08:53:31 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 333 "-" "-"
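An added example, not part of the original thread: a small triage script that separates the two request shapes discussed above (the `did`/`ver`/`duid` requests with blank referrer and User-agent, and `/default.ida?NNN…` Code Red probes) and counts hits and unique source IPs for each. The function names and labels are hypothetical, and every sample line except the first (taken from the thread) is constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache combined log format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return (ip, label, did) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url = urlsplit(m["target"])
    qs = parse_qs(url.query)
    blank = m["ref"] in ("", "-") and m["ua"] in ("", "-")
    # Code Red probe: /default.ida with a long run of 'N' padding in the query
    if url.path.lower() == "/default.ida" and re.match(r"N{8,}", url.query):
        return m["ip"], "code_red_probe", None
    # Shape from the first post: GET /?did=..&ver=..&duid=.., blank referrer and agent
    if url.path == "/" and set(qs) == {"did", "ver", "duid"} and blank:
        return m["ip"], "did_duid_request", qs["did"][0]
    return m["ip"], "other", None

def summarize(lines):
    """Return (hits per label, unique IPs per label, hits per did value)."""
    hits, ips, dids = Counter(), {}, Counter()
    for line in lines:
        result = classify(line)
        if result is None:
            hits["unparsed"] += 1
            continue
        ip, label, did = result
        hits[label] += 1
        ips.setdefault(label, set()).add(ip)
        if did is not None:
            dids[did] += 1
    return hits, {label: len(s) for label, s in ips.items()}, dids

# First line is from the thread; the rest are constructed (documentation IP ranges).
SAMPLE = [
    '65.7.80.144 - - [02/Aug/2001:00:00:03 -0400] "GET /?did=150&ver=1.51&duid=elybdrqmehqdaiyxoqdppsimaeuqw HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.10 - - [02/Aug/2001:00:00:04 -0400] "GET /?did=148&ver=1.51&duid=aaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.10 - - [02/Aug/2001:00:00:09 -0400] "GET /?did=150&ver=1.51&duid=bbbbbbbbbbbbbbbbbbbbbbbbbbbbb HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.7 - - [01/Aug/2001:08:53:31 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN=a HTTP/1.0" 400 333 "-" "-"',
    '203.0.113.5 - - [02/Aug/2001:00:01:00 -0400] "GET /index.html HTTP/1.1" 200 5120 "http://example.com/" "Mozilla/4.0"',
]
if __name__ == "__main__": print(summarize(SAMPLE))
```

Feeding it a real access log (for example `summarize(open(path))`) gives per-pattern hit and unique-IP counts of the kind reported in the first post.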