What are these strange requests in my HTTP server log?
June 12, 2005 10:43 AM
Why would requests for other websites show up in my web server's access log, and does it indicate that there's a vulnerability in my server?
I've been running a small web site on a custom web server for the past month. Recently I've noticed in the logs a bunch of really odd HTTP requests showing up where the request is actually to a different web site: for instance, where a normal request is getting "/images/banner.png" or "/" or "/index" or something, there are requests for "http://www.sciencedirect.com/" and a couple other academically-related URLs. (In case you don't know, ScienceDirect is one of those sites that serves up academic papers and charges you — or more likely the school you go to — an arm and a leg for the privilege. It's unlikely that they're trying to spam server logs.) The requests come from a bunch of different source IP addresses, but the requests are always the same. I tried telnetting to the server and forging various GET requests that I can imagine would place an entry like that in my server's log, but I never get anything in response other than an error message.
Any ideas what's causing this? And more importantly, is it possible that my web server is doing something it shouldn't be doing and that I'll need to fix?
posted by jacobm to computers & internet (14 comments total)
posted by Count Ziggurat at 10:50 AM on June 12, 2005
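A log check for the question above, added here as an example and not part of the original thread: it picks out access-log entries whose request target is a full URL for another site and reports whether the server rejected them or answered with a success status. It assumes Common Log Format; `OWN_HOSTS`, the IP addresses and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hypothetical names this server legitimately answers for.
OWN_HOSTS = {"example.org", "www.example.org"}

# Common Log Format: ip ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/\d\.\d)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample lines (documentation-range IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/2005:09:01:11 -0500] "GET /images/banner.png HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Jun/2005:09:02:40 -0500] "GET http://www.sciencedirect.com/ HTTP/1.0" 400 226',
    '203.0.113.22 - - [12/Jun/2005:09:05:03 -0500] "GET http://www.sciencedirect.com/ HTTP/1.0" 200 18432',
    '192.0.2.10 - - [12/Jun/2005:09:06:00 -0500] "GET http://www.example.org/index HTTP/1.1" 200 900',
]

def foreign_host(target):
    """Return the host when target is a full URL for a site other than ours."""
    if not target.lower().startswith(("http://", "https://")):
        return None  # ordinary path-only target such as /index
    try:
        host = (urlsplit(target).hostname or "").lower()
    except ValueError:
        return "<unparseable>"  # malformed URL: still worth a look
    return host if host and host not in OWN_HOSTS else None

def triage(lines):
    """Return (ip, host, status, size, verdict) for each foreign-URL request."""
    findings = []
    for line in lines:
        m = CLF.match(line.strip())
        host = foreign_host(m["target"]) if m else None
        if host is None:
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # 2xx means the server returned content for a URL on another site.
        verdict = "review" if 200 <= status < 300 else "rejected"
        findings.append((m["ip"], host, status, size, verdict))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

A `review` entry does not by itself show that the request was relayed; compare its response size with what the server returns for `/` before drawing a conclusion.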