0

For the last few days, I've been having a lot of requests to unexisting pages on my server.

The worrying part about it is that, when I look at the 404 error log I've built for my site, these requests seem to mask my server name: when asking for CGI.SERVER_NAME (that's ColdFusion's equivalent to PHP's $_SERVER['SERVER_NAME']), it doesn't return my server name as expected, but other external domain names (some of them from kind of "dodgy" websites).

Having a look at apache's access log, all the requests follow the same pattern:

[root@myserver]# grep DAPPER-HOST-IP access_log | head -n 1
XXX.XX.XXX.XX - - [30/Sep/2013:02:11:28 +0100] "GET
/page-completely-unrelated-to-my-website.cfm HTTP/1.1" 404 1826 "-"
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)DAPPER-HOST-IP:YY.YYY.YY.YYY"

where XXX.XX.XXX.XX are always IPs of a certain search engine (which I'm not especially keen on keeping). The user agent always have the string "DAPPER-HOST-IP" and YY.YYY.YY.YYY is always a different random-ish IP, unrelated to both my server and the above-mentioned search engine. I suspect this IP has something to do with the server name masking issue.

The only action I've taken is to block some of the search engine's IP. I hope this is enough, though I'm still worried about the fact that some requests generated in my server appear as being originated from other servers.

Any other suggestions would be appreciated. The only useful reference I've found online up until now is: http://www.webmasterworld.com/search_engine_spiders/4612980.htm

Xevi Pujol
  • 117
  • 3

1 Answers1

0

It's the same effect as pointing any random domain name (via DNS or a hosts file) to your server's IP address. For example, if I set up an A record for www.example.com, point it to XXX.XX.XXX.XX, and go to www.example.com, then "www.example.com" will show up as the host in the error log.

What the purpose of this rogue or misconfigured bot is, is anybody's guess, but other than it adding some useless lines to your logs, it doesn't seem to be doing any actual harm.

I would recommend configuring your web server so that it does not serve the content of your default virtual host when a domain is pointed at your server as I described earlier.

See, for example, https://stackoverflow.com/questions/5427379/apache-default-virtualhost.

Community
  • 1
redburn
  • 197
  • 1
  • 7
  • "I would recommend configuring your web server so that it does not serve the content of your default virtual host when a domain is pointed at your server" - Is there a way to do this on IIS6 does anyone know? – Andy Davies Oct 31 '13 at 08:45
  • @AndyDavies http://stackoverflow.com/questions/1028159/how-does-iis-determine-what-website-to-hit-for-localhost – redburn Oct 31 '13 at 09:11