On Wed, Oct 06, 2004 at 11:37:24AM +0300, Emil Perhinschi wrote: > Sorry to bother, but is this an attack? I get repeated requests for a > file "favicon.ico" that should have been, or so the client connecting > believes, in the root of my htdocs. The conections come from different > hosts, and at least in some it seems to be running Konqueror, so it is > not a Windows worm: "GET / HTTP/1.1" 200 1004 "-" "Mozilla/5.0 > (compatible; Konqueror/2.2.2; Linux)".
No it's not an attack. It used to be an Internet Explorer browser feature that when a user bookmarked a page upon your site it would request the /favicon.ico to display next to the bookmark. Now other browsers do it too. If you go to a website such as slashdot.org and see a small icon in the address bar - this is the favicon.ico file being displayed. I'm not too sure how the browser asks for it, on first page load or only when bookmarked, but it's a fairly common feature now. Galleon, Konqueror, Mozilla, Firefox, and Internet Explorer will all do it. > it's a little bit offtopic, but I found nothing about it on cert.org ... I suspect google.com would be more helpful ... Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
