9 May
2017
9 May
'17
2:49 a.m.
Brian,
Since you are using Apache perhaps you can enable more client details
in your log verbosity by changing your LogFormat from the default settings to
the combinedio settings which will include more information about the client
software that is connecting to your web server.
Such details as these can be shown if you increase your LogFormat:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" %I %O"
combinedio
CustomLog "logs/access_log" combinedio
Client Agent (small sample)
"Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0"
"Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy
connection)"
"Googlebot/2.1 (+http://www.google.com/bot.html)"
"Mozilla/5.0 (compatible; Googlebot/2.1;
+http://www.google.com/bot.html)"
"Mozilla/5.0 (compatible; Baiduspider/2.0;
+http://www.baidu.com/search/spider.html)"
"Mozilla/5.0 (compatible; MojeekBot/0.6;
+https://www.mojeek.com/bot.html)"
Tim Osburn
W7RSZ / JG1MBR
https://www.osburn.com
On Mon, 8 May 2017, Brian Kantor wrote:
Date: Mon, 8 May 2017 23:27:14 -0700
From: Brian Kantor <Brian(a)UCSD.Edu>
Reply-To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] gateway errors detail available
(Please trim inclusions from previous messages)
_______________________________________________
Yes, the host 'hamradio.ucsd.edu' where the mailing list is hosted
also archives all messages and makes them available via the web.
It's amusing: despite not being real, from the following Apache
log entries, no-such-file has been a popular target this evening:
gw.ampr.org-ssl 70.39.157.194 - - [08/May/2017:17:56:38 -0700] "GET
/private/no-such-file.txt HTTP/1.1" 401 381
gw.ampr.org-ssl 66.85.73.59 - - [08/May/2017:17:58:59 -0700] "GET
/private/no-such-file.txt HTTP/1.1" 401 381
gw.ampr.org-ssl 220.233.167.221 - - [08/May/2017:17:59:43 -0700] "GET
/private/no-such-file.txt HTTP/1.1" 401 381
gw.ampr.org-ssl 4.79.123.0 - - [08/May/2017:18:09:35 -0700] "GET
/private/no-such-file.txt HTTP/1.1" 401 381
gw.ampr.org-ssl 68.40.58.30 - - [08/May/2017:18:56:26 -0700] "GET
/private/no-such-file.txt HTTP/1.1" 401 381
gw.ampr.org-ssl 4.79.123.0 - - [08/May/2017:21:42:57 -0700] "GET
/private/no-such-file.txt HTTP/1.1" 401 381
gw.ampr.org-ssl 165.225.80.161 - - [08/May/2017:21:48:27 -0700] "GET
/private/no-such-file.txt HTTP/1.1" 401 381
The first one above was logged just 19 seconds after I posted the message
to the list. The others came later; they could be humans. Note that
none of them logged in; they just tried to fetch the file and went
away. Oh, I'm not concerned, I just was a bit surprised. And curious.
- Brian
On Tue, May 09, 2017 at 04:42:26AM +0000, Ruben ON3RVH wrote:
Is the content of the list posted on a website?
Like for archiving
purposes?
Otherwise someone might have a mailbox from the list configured with a
scraper..
Can you see which is the source IP for the requests? Maybe this can lead
you to the correct person..
73,
Ruben - ON3RVH
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net