[nSLUG] Curious httpd log entries...
nslug at fop.ns.ca
Fri Aug 12 09:02:22 ADT 2005
On Fri, 12 Aug 2005, David Potter wrote:
> I'm starting to get a number of what, to me, are a few curious entries in my
> httpd log. (httpd-2.0.52-3.1)
> I believe that: they are from related sites (the ip numbers are close) -
> however they appear to be coming from different computers (the browsers
> appear to be different versions) and, ...I can't figure out how the request
> is finding it's way to this machine.
> A sample of the log with a little more info is located at:
As Ben pointed out, they're spammers. What they may be doing is looking to
get referral hits off your web site; a lot of people have their access log
stats available to the public, which then get indexed by search engines
like Google, which then give a boost to the ratings for the originating
spamming site. Unfortunately, by putting up a logfile with their addresses
on it on your website, you've fallen for their trap.
The other possibility is they're looking for open http proxies, which they
can then send spam through. Looking at the URLs this may be more likely,
as their seems to be some sort of unique tracking number for each site,
and there's also the suspicious "dp=" (destination port?) tagged on the
end of some of them.
More information about the nSLUG