
Forum Moderators: DixonJones & mademetop

Help Analysing Log File

   
5:11 pm on Aug 4, 2003 (gmt 0)

10+ Year Member



When I analysed my log files with awstats I saw something weird in the top visitors table:


Unique Visitor     Pages     Hits      Byte        Latest Visit
65.95.54.153       118595    118595    0           03 Aug 2003 - 18:19
142.163.186.202    12953     12963     22.71 KB    02 Aug 2003 - 12:59
65.92.97.179       8308      8308      0           02 Aug 2003 - 21:54
142.221.110.4      7978      8002      72.98 KB    01 Aug 2003 - 18:12
211.148.205.39     6511      6511      0           03 Aug 2003 - 08:26
65.92.97.123       4226      4226      0           01 Aug 2003 - 09:27
68.39.118.36       3261      3261      2.99 MB     04 Aug 2003 - 07:28
216.209.176.207    2660      2660      0           02 Aug 2003 - 16:33
68.39.19.50        2400      2400      2.20 MB     04 Aug 2003 - 07:40
65.217.171.126     1873      1873      0           04 Aug 2003 - 08:12
216.249.65.13      1590      1590      1.49 MB     04 Aug 2003 - 06:27
12.208.223.103     1524      1524      1.44 MB     04 Aug 2003 - 08:11

(sorry that the formatting got weird)

For example, the top IP address has in only four days made 118595 hits but downloaded like 0 bytes... and there are a lot of them... Is this some kind of DoS attack or what? How do I prevent bad people from doing bad things to my server?
Is there any good tutorial or manual for analysing Apache log files and finding out if there's any monkey business going on?

Here are some lines from my log with IP addresses that have a lot of hits but haven't downloaded anything:
168.243.170.213 - - [04/Aug/2003:12:21:58 -0700] "HEAD /ident.cab HTTP/1.1" 302 - "-" "Progressive Download"
168.243.170.213 - - [04/Aug/2003:12:21:59 -0700] "HEAD /default.php HTTP/1.1" 200 - "-" "Progressive Download"

65.217.171.126 - - [04/Aug/2003:12:22:25 -0700] "GET /fpukregver.txt HTTP/1.1" 302 0 "-" "Microsoft URL Control - 6.00.8862"
65.217.171.126 - - [04/Aug/2003:12:22:26 -0700] "GET /default.php HTTP/1.1" 200 0 "-" "Microsoft URL Control - 6.00.8862"

3:43 pm on Aug 5, 2003 (gmt 0)

10+ Year Member



I've seen hits like this in my logs as well - all of them from robots (or none of them from browsers, at least). I never figured out what it was, but my guess is some kind of HTTP/1.1 thing where the server doesn't need to return any more data. I'd like to see what the exact request headers were...
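
Added example (not posted by either member above): a small Python script that parses Apache combined-format lines like the ones quoted in the thread and lists clients with many hits but zero response bytes, together with the methods, status codes and user agents they used. The function names, the `min_hits` threshold and the one browser line at 192.0.2.10 are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format, the layout of the lines quoted in the thread.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# The four lines quoted in the post, plus one constructed browser request.
SAMPLE = [
    '168.243.170.213 - - [04/Aug/2003:12:21:58 -0700] "HEAD /ident.cab HTTP/1.1" 302 - "-" "Progressive Download"',
    '168.243.170.213 - - [04/Aug/2003:12:21:59 -0700] "HEAD /default.php HTTP/1.1" 200 - "-" "Progressive Download"',
    '65.217.171.126 - - [04/Aug/2003:12:22:25 -0700] "GET /fpukregver.txt HTTP/1.1" 302 0 "-" "Microsoft URL Control - 6.00.8862"',
    '65.217.171.126 - - [04/Aug/2003:12:22:26 -0700] "GET /default.php HTTP/1.1" 200 0 "-" "Microsoft URL Control - 6.00.8862"',
    '192.0.2.10 - - [04/Aug/2003:12:23:01 -0700] "GET /default.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

def summarize(lines):
    """Aggregate hits, bytes, methods, statuses and user agents per client IP."""
    stats = defaultdict(lambda: {"hits": 0, "bytes": 0, "methods": set(),
                                 "statuses": set(), "agents": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        s = stats[m["ip"]]
        s["hits"] += 1
        # A size of "-" means no response body was logged; count it as 0 bytes.
        s["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        s["methods"].add(m["method"])
        s["statuses"].add(m["status"])
        s["agents"].add(m["agent"])
    return dict(stats)

def zero_byte_clients(stats, min_hits=2):
    """IPs with at least min_hits requests (assumed threshold) and 0 bytes sent."""
    return sorted(ip for ip, s in stats.items()
                  if s["hits"] >= min_hits and s["bytes"] == 0)

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip in zero_byte_clients(stats):
        s = stats[ip]
        print(ip, s["hits"], sorted(s["methods"]),
              sorted(s["statuses"]), sorted(s["agents"]))
```

On a real log, pass the open file object to `summarize` and raise `min_hits` to match the traffic volume of the site.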
 
