[nSLUG] Curious httpd log entries...

Dop Ganger nslug at fop.ns.ca
Fri Aug 12 09:02:22 ADT 2005


On Fri, 12 Aug 2005, David Potter wrote:

> I'm starting to get a number of what, to me, are a few curious entries in my 
> httpd log.  (httpd-2.0.52-3.1)
>
> I believe that: they are from  related  sites (the ip numbers are close) - 
> however they appear to be coming from different computers (the browsers 
> appear to be different versions) and, ...I can't figure out how the request 
> is finding it's way to this machine.
>
> A sample of the log with a little more info is located at: 
> http://davidpotter.ns.ca/q1/

As Ben pointed out, they're spammers. What they may be doing is looking to 
get referral hits off your web site; a lot of people have their access log 
stats available to the public, which then get indexed by search engines 
like Google, which then give a boost to the ratings for the originating 
spamming site. Unfortunately, by putting up a logfile with their addresses 
on it on your website, you've fallen for their trap.

The other possibility is they're looking for open http proxies, which they 
can then send spam through. Looking at the URLs this may be more likely, 
as their seems to be some sort of unique tracking number for each site, 
and there's also the suspicious "dp=" (destination port?) tagged on the 
end of some of them.

Cheers... Dop.

!DSPAM:42fc8fcc145812402411438!




More information about the nSLUG mailing list