Tags:




How do I keep access logs from filling up with garbage?
May 11, 2004 10:03 PM   RSS feed for this thread Subscribe

Why are my apache access logs filling with garbage? Most of it doesn't seem to be refer spam. [more inside]

Example, with "222.222.22.222" being used instead of my real IP address.


222.222.22.222 - - [11/May/2004:22:05:16 -0700] "GET http://e11.member.sc5.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.yahoo.com/jpager/pager2.shtml&login=u_r_a_fat_negro&passwd=Tossed HTTP/1.0" 404 279 "-" "-"


I don't think it's refer spam because it's about 95% yahoo (although I am getting some refer spam for porn sites mixed in).

I'm also getting this:


222.222.22.222 - - [11/May/2004:22:04:49 -0700] "CONNECT login.icq.com:443 HTTP/1.0" 200 4039 "-" "-"


As well as POSTs to the yahoo urls. Anyone seen this? Any clue what the username and password would be doing there in the query string? Any thoughts? I've done some .htaccess work in the past, so I'm ok with doing it again.
posted by jragon to computers & internet (3 comments total)
That "connect" is a HTTP-SSL proxy request. Are you running a wide open proxy (mod_proxy)? Someone is trying to find out.

As far as the link goes... are you asking us to click the link? If you aren't, let us know what happens when you click the link. Until then I'm guessing it's referer spam, but I'm not clicking it to find out.
posted by Voivod at 10:19 PM on May 11, 2004


I think that this is

1) someone testing your site to see if it's accepting external get requests (meaning that it's a proxy server). I get these all the time.

or

2) someone already thinks it's a proxy server and has setup software to use it as such.

and just to be safe, are you sure your server isn't actually relaying these requests? you don't want to be on some anonymous proxy list....
posted by helios at 10:19 PM on May 11, 2004


It's been a few days and it definitely looks like someone's trying to use me as a proxy. I'm not wide open, so apparently the requests aren't getting through, but it's pretty annoying to have my pipe clogged by a proxy request every few seconds.

Volvod, as for the link, it just points to yahoo and asks for your yahoo password. The username/pass in the querystring aren't valid.

Thanks for everyone's help.
posted by jragon at 7:40 PM on May 13, 2004


« Older Can anyone help me find out th...   |   DVD-R or DVD+R? [More inside]... Newer »
This thread is closed to new comments.