It's all from one source IP, but the requests are for various files from various websites hosted on my servers. Different domains, different files, even different file types. It's making about 8-10 GET requests at the same time, then does it again almost exactly a minute later. I can't remember seeing anything like it before.

SJ

On Wed, 2006-06-14 at 22:31 +0200, php0t wrote:
> -----Original Message-----
> From: Shannon Johnston
> Sent: Wednesday, June 14, 2006 10:17 PM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] Strange HTTP requests
>
> > I'm seeing a ton of HTTP requests in the following fashion:
> >
> > GET index.html - 80 - <ip address> HTTP/1.1 fuujcbjbGbagkmkGuj7kmgnebl
> > +qekaf - - website.com 302 0 0 532 206 218
> >
> > The random string would normally be the user-agent. I can't help but
> > think this is a bot of some sort.
> >
> > Anybody know of anything that would produce this?
>
> Are they all index.html requests? How often do you get them? From how
> many different IP's?
> It could be just a proxy or a firewall set up to change the user-agent
> to some random string, but whether they're surfers or bots you can tell
> by looking at all such lines - to me, an index.html alone doesn't tell
> me much, maybe others have seen this though and know what it is.
>
> php0t
> www.zorro.hu
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
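The traffic pattern described in this thread (one source IP, bursts of 8-10 simultaneous GETs across several hosted sites, repeating about a minute apart) can be picked out of a web log by grouping requests per client into bursts and checking the spacing between them. The following is an added example, not code from either poster. It assumes the field order of the log excerpt above with a leading date and time field, and the log lines, addresses and host names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse(line):
    # Assumed field order: date time method uri query port user c-ip version
    # user-agent cookie referer host status ... (the post's excerpt plus date/time).
    f = line.split()
    ts = datetime.strptime(f"{f[0]} {f[1]}", "%Y-%m-%d %H:%M:%S")
    return ts, f[7], f[3], f[12]  # timestamp, client IP, path, host

def find_periodic_bursts(lines, min_burst=8, period=60, tolerance=5, min_repeats=3):
    """Flag client IPs whose bursts of >= min_burst requests recur every ~period s."""
    per_ip = defaultdict(list)
    for line in lines:
        if line.strip() and not line.startswith("#"):
            ts, ip, path, host = parse(line)
            per_ip[ip].append((ts, path, host))
    flagged = {}
    for ip, reqs in per_ip.items():
        reqs.sort(key=lambda r: r[0])
        bursts = [[reqs[0]]]
        for r in reqs[1:]:  # requests <= 2 s apart belong to the same burst
            if (r[0] - bursts[-1][-1][0]).total_seconds() <= 2:
                bursts[-1].append(r)
            else:
                bursts.append([r])
        big = [b for b in bursts if len(b) >= min_burst]
        gaps = [(b[0][0] - a[0][0]).total_seconds() for a, b in zip(big, big[1:])]
        if len(big) >= min_repeats and all(abs(g - period) <= tolerance for g in gaps):
            flagged[ip] = {"bursts": len(big),
                           "hosts": len({h for b in big for _, _, h in b}),
                           "paths": len({p for b in big for _, p, _ in b})}
    return flagged

def build_sample():
    """Constructed log: 192.0.2.10 bursts every minute, 192.0.2.77 browses normally."""
    start = datetime(2006, 6, 14, 20, 0, 0)
    row = "{:%Y-%m-%d %H:%M:%S} GET /{} - 80 - {} HTTP/1.1 {} - - {} 302 0 0 532 206 218"
    lines = []
    for minute in range(4):
        ts = start + timedelta(seconds=60 * minute + minute % 2)  # 1 s of jitter
        for i in range(9):
            lines.append(row.format(ts, f"file{i}.html", "192.0.2.10",
                                    "xkqjvbnwTrpLmz", f"site{i % 3}.example"))
    for k in range(5):
        ts = start + timedelta(seconds=37 * k)
        lines.append(row.format(ts, "index.html", "192.0.2.77",
                                "Mozilla/4.0+(compatible)", "site0.example"))
    return lines

if __name__ == "__main__":
    for ip, info in find_periodic_bursts(build_sample()).items():
        print(ip, info)
```

The host and path counts in the result separate a client fanning out across many sites from one that is simply reloading a single page on a timer.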