[Tfug] Question about Apache log entries.

erich tfug@tfug.org
Mon Mar 3 18:54:01 2003 

--------------040005010403030301010500
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

   What you mean by "foreign" is outside of your system, I guess. I did 
some research
and its not offshore.

   Here's what I get:

   From Netcraft:

   The site www.outwar.com <http://www.outwar.com> is running * 
Apache/1.3.27 (Unix) (Red-Hat/Linux)       mod_python/2.7.8 Python/1.5.2 
mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 
mod_throttle/3.1.2*
   and the IP address:  65.61.153.217. This is the Netblock owner

   From Dshield I get:




OrgName:    Rackspace.com 
OrgID:      RSPC
Address:    112 E. Pecan St.
Address:    Suite 600
City:       San Antonio
StateProv:  TX
PostalCode: 78205
Country:    US

NetRange:   65.61.128.0 - 65.61.191.255 
CIDR:       65.61.128.0/18 
NetName:    RSPC-NET-4
NetHandle:  NET-65-61-128-0-1
Parent:     NET-65-0-0-0-0
NetType:    Direct Allocation
NameServer: NS.RACKSPACE.COM
NameServer: NS2.RACKSPACE.COM
Comment:    
RegDate:    2002-11-01
Updated:    2003-01-24

OrgTechHandle: IPADM17-ARIN
OrgTechName:   IPADMIN 
OrgTechPhone:  +1-210-892-4000
OrgTechEmail:  ipadmin@rackspace.com




    I suspect that they are also parasitizing rackspace.com. Another 
cockroach
stealing bandwidth.

                                                              Cheers,
                                                              Erich


   



Quag7 wrote:

>I was looking through my Apache logs, and I have a question.  Ordinarily
>each line in the log corresponds to a hit to a page on my server.
>
>Letely, however I've noticed foreign http addresses showing up.  For
>example:
>
>24.128.170.195 - - [23/Feb/2003:01:26:59 -0500] "GET
>http://www.outwar.com/page.php?x=297382&pro=1e14c3925f8337fcb0d9b447f816493d HTTP/1.1" 302 276 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
>
>I have several hundred of these hits over the course of a week. 
>outwar.com is some kind of online game.  I'm curious though why it's
>showing up as a hit to my server.
>
>  -Quag7 
>
>
>_______________________________________________
>tfug mailing list
>tfug@tfug.org
>https://www.tfug.org/mailman/listinfo/tfug
>



--------------040005010403030301010500
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <title></title>
</head>
<body>
&nbsp; &nbsp;What you mean by "foreign" is outside of your system, I guess. I did some
research<br>
and its not offshore.<br>
<br>
&nbsp; &nbsp;Here's what I get:<br>
<br>
&nbsp; &nbsp;From Netcraft:<br>
<br>
 &nbsp; &nbsp;The site <a href="http://www.outwar.com">www.outwar.com</a> is running
<b> Apache/1.3.27 (Unix)  (Red-Hat/Linux) &nbsp; &nbsp; &nbsp; mod_python/2.7.8 Python/1.5.2
mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2</b><br>
&nbsp; &nbsp;and the IP address: &nbsp;65.61.153.217. This is the Netblock owner<br>
<br>
&nbsp; &nbsp;From Dshield I get:<br>
<br>
<br>
<br>
<table>
  <tbody>
    <tr>
      <td valign="top" align="right"><br>
      </td>
      <td>
      <pre>OrgName:    Rackspace.com <br>OrgID:      RSPC<br>Address:    112 E. Pecan St.<br>Address:    Suite 600<br>City:       San Antonio<br>StateProv:  TX<br>PostalCode: 78205<br>Country:    US<br><br>NetRange:   65.61.128.0 - 65.61.191.255 <br>CIDR:       65.61.128.0/18 <br>NetName:    RSPC-NET-4<br>NetHandle:  NET-65-61-128-0-1<br>Parent:     NET-65-0-0-0-0<br>NetType:    Direct Allocation<br>NameServer: NS.RACKSPACE.COM<br>NameServer: NS2.RACKSPACE.COM<br>Comment:    <br>RegDate:    2002-11-01<br>Updated:    2003-01-24<br><br>OrgTechHandle: IPADM17-ARIN<br>OrgTechName:   IPADMIN <br>OrgTechPhone:  +1-210-892-4000<br>OrgTechEmail:  <a class="moz-txt-link-abbreviated" href="mailto:ipadmin@rackspace.com">ipadmin@rackspace.com</a></pre>
      </td>
    </tr>
  </tbody>
</table>
<br>
<br>
<br>
&nbsp; &nbsp; I suspect that they are also parasitizing rackspace.com. Another cockroach<br>
stealing bandwidth.<br>
<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Cheers,<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Erich<br>
<br>
<br>
&nbsp; &nbsp; <br>
<br>
<br>
<br>
Quag7 wrote:<br>
<blockquote type="cite" cite="mid:1046728214.5709.13.camel@antarctica">
  <pre wrap="">I was looking through my Apache logs, and I have a question.  Ordinarily<br>each line in the log corresponds to a hit to a page on my server.<br><br>Letely, however I've noticed foreign http addresses showing up.  For<br>example:<br><br>24.128.170.195 - - [23/Feb/2003:01:26:59 -0500] "GET<br><a class="moz-txt-link-freetext" href="http://www.outwar.com/page.php?x=297382&pro=1e14c3925f8337fcb0d9b447f816493d">http://www.outwar.com/page.php?x=297382&amp;pro=1e14c3925f8337fcb0d9b447f816493d</a> HTTP/1.1" 302 276 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"<br><br>I have several hundred of these hits over the course of a week. <br>outwar.com is some kind of online game.  I'm curious though why it's<br>showing up as a hit to my server.<br><br>  -Quag7 <br><br><br>_______________________________________________<br>tfug mailing list<br><a class="moz-txt-link-abbreviated" href="mailto:tfug@tfug.org">tfug@tfug.org</a><br><a class="moz-txt-link-freetext" href="htt
p://www.tfug.org/mailman/listinfo/tfug">https://www.tfug.org/mailman/listinfo/tfug</a><br><br></pre>
  </blockquote>
  <br>
  <br>
  </body>
  </html>

--------------040005010403030301010500--