It's a linux box running apache and while not DOS level - we are seeing 100's of these a day. They're all doing a get on the same non-existent pdf file, and they all redirect to some random porn site - sometimes the same one, sometimes different ones.
On Tue, Apr 14, 2009 at 10:16 AM, Dana <[email protected]> wrote: > > how many is "a bunch"? DoS level? I saw that conficker attacked the > University of Utah is why I ask > > that 324 is an http code? if so it's just an apache error talking > about header length which is not useful in itself > > Are the requests all coming from the same system? > > what OS is the server? > > > On Tue, Apr 14, 2009 at 8:58 AM, Deanna Schneider > <[email protected]> wrote: >> >> Okay, our server admin is seeing a bunch of redirects in our logs. Of >> course, these are logs for the entire server, but because the initial >> get is for something that we used to have on the server, he's wanting >> us to figure out how it's happening. Any pointers? This is the sort of >> stuff he's seeing (Identifying info changed to protect the innocent) >> >> IP ADDRESS - - [14/Apr/2009:00:42:40 -0500] "GET "A-NON-EXISTENT (BUT >> USED TO EXIST) URL HERE" HTTP/1.1" 301 324 "Nasty spammy URL HERE" >> "\xef\xbb\xbfMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; >> rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6" >> >> I've done a grep for uses of cflocation in conjunction with form or >> url variables, but haven't found anything that I think could be the >> culprit...other thoughts? >> >> The requests are coming from an IP in England...if that's any help at all. >> >> -Deanna >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:294953 Subscription: http://www.houseoffusion.com/groups/cf-community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
