Anyone got any idea what it means to have someone else's domain show up in my access_log? Having a look today, and found these...

thorpe@chloe ~ # sudo cat /var/log/apache2/access_log | grep ecool
210.223.85.208 - - [07/Feb/2006:14:29:03 +1100] "GET http://www.ecoolarcade.com/ HTTP/1.0" 404 272
210.223.85.208 - - [08/Feb/2006:20:32:01 +1100] "GET http://www.ecoolarcade.com/ HTTP/1.0" 404 272
59.42.10.181 - - [09/Feb/2006:14:32:21 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272
59.42.10.181 - - [20/Feb/2006:21:49:36 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272
59.42.10.181 - - [21/Feb/2006:15:14:07 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272
59.42.10.181 - - [22/Feb/2006:16:41:23 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272
59.42.10.181 - - [22/Feb/2006:18:48:50 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272
59.42.10.181 - - [22/Feb/2006:23:57:56 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272
59.42.10.181 - - [23/Feb/2006:02:33:09 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272
59.42.10.181 - - [23/Feb/2006:18:21:12 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272
59.42.10.181 - - [23/Feb/2006:22:38:44 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272
59.21.46.253 - - [24/Feb/2006:01:28:30 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272
thorpe@chloe ~ #

I've no idea what this means.... How could some domain that I'm not hosting show up as being requested from my server?

I've been to http://www.ecoolarcade.com and there is some site there. I've also been to http://www.ecoolarcade.com/ip.pl, and it appears to be some sort of proxy script or something? I'm not sure, not much of a networking guy.

    It means that some client from that IP address is requesting those URLs from your server. It won't serve them of course (unless proxying is enabled).

    You can't control what daft stuff people request from your server. Evil robots, worms and other malware often make some very strange requests.

    Notice the "404" in the status column - this means that these bots are getting 404s.

    Mark

      It means that some client from that IP address is requesting those URLs from your server.

      I understand that part (well, I think). I just don't understand how. I mean, that domain doesn't (or shouldn't) point to my server. How, if someone were to request foo.com, would it ever show in bar.com's logs, when foo.com has nothing to do with bar.com?

      I just don't get it.

        Actually, I've just spent some time thinking about this. I have a dynamic IP address, and I'm using DynDNS to route my domain to my IP. Could it be that www.ecoolarcade.com is doing the same, and that on occasion I have his IP?

        This way, when someone requests www.ecoolarcade.com, they end up at my server, and no such page.

        If you go to www.ecoolarcade.com/ip.pl it does mention something about tpgi, which is also my ISP.

        Thoughts?

          Yep. That sounds very likely to be the cause. If the dynamic lookup is being cached someplace, then whoever uses that cache will occasionally end up using out of date info and going to the wrong server.
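
An added example, not part of the original thread: a small log check that finds requests naming a host this server does not serve, grouped by client, and counts any that got a 2xx/3xx answer instead of the 404 seen above (the case where proxying might be enabled). The function name `foreign_host_requests`, the served hostname `www.example.org` and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def foreign_host_requests(lines, served_hosts):
    """Per client IP: absolute-URI/CONNECT requests for hosts we do not serve.
    "relayed" counts those answered 2xx/3xx, i.e. possibly proxied."""
    served = {h.lower() for h in served_hosts}
    report = defaultdict(lambda: {"hosts": set(), "count": 0, "relayed": 0})
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not an access-log entry (e.g. a shell prompt line)
        target = m["target"]
        if m["method"] == "CONNECT":
            host = target.rsplit(":", 1)[0].lower()  # authority-form host:port
        elif "://" in target:
            host = (urlsplit(target).hostname or "").lower()  # absolute-form
        else:
            continue  # ordinary origin-form request such as "GET /index.html"
        if not host or host in served:
            continue
        entry = report[m["ip"]]
        entry["hosts"].add(host)
        entry["count"] += 1
        if m["status"][0] in "23":
            entry["relayed"] += 1
    return dict(report)

# Constructed sample: the first three lines are copied from the post, the
# last two are made up (a normal local request and a 200 for a foreign host).
SAMPLE = [
    '210.223.85.208 - - [07/Feb/2006:14:29:03 +1100] "GET http://www.ecoolarcade.com/ HTTP/1.0" 404 272',
    '59.42.10.181 - - [09/Feb/2006:14:32:21 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272',
    '59.42.10.181 - - [20/Feb/2006:21:49:36 +1100] "GET http://www.ecoolarcade.com/ip.pl HTTP/1.0" 404 272',
    '192.0.2.10 - - [24/Feb/2006:09:00:00 +1100] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [24/Feb/2006:09:05:00 +1100] "GET http://other.example/ HTTP/1.0" 200 5120',
]
if __name__ == "__main__":  # www.example.org is an assumed served hostname
    print(foreign_host_requests(SAMPLE, {"www.example.org"}))
```

A non-zero `relayed` count is the entry worth following up; clients with only 404s match what the log in the post shows.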
