I've got a naaaaasty search engine that has added me to their submission list and I get 100's of submissions hourly for my links index CGI script. (READ: SPAM!!) I re-named the script so it just comes up as a cgi-wrap error. Is there a way to track down the referer? I'm on a Raq4i and have .htaccess set up for 404 finders.

Thanks!!

you could run urchin, or webalizer.. or some other log program to track the referrers..

Originally posted by RaQRob
you could run urchin, or webalizer.. or some other log program to track the referrers..

I don't have webalizer, but is urchin a command you type in telnet?

No, a paid analyzing script (similar to webalizer). Not all that inexpensive either if memory serves me right. might just want to install webalizer if that's what you're looking for. I wasn't sure from reading the post.

Couln't you just look at your access log? I would use more or tail to look at my access log and get the ip/hostname.....

more /var/log/httpd/access
or
tail -f /var/log/httpd/access

Originally posted by indyjon
Couln't you just look at your access log? I would use more or tail to look at my access log and get the ip/hostname.....

more /var/log/httpd/access
or
tail -f /var/log/httpd/access

Well, I'm kind of at a loss here. I tried this and the data scrolls so quickly that I can't read it! Here is an example of some of the data:

.0b; MSNIA; Windows 98; Win 9x 4.90)"
www.duchovny.net 209.186.151.244 - - [21/Jan/2002:20:24:20 -0600] "GET /images5/pool/go.gif HTTP/1.1" 302 235 "http://www.leonionline.com/photos/mags6.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)"
www.leonionline.com 209.186.151.244 - - [21/Jan/2002:20:24:20 -0600] "GET /graphics/angelina.gif HTTP/1.1" 302 240 "http://www.leonionline.com/photos/mags6.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)"
www.wilson-brothers.com 66.19.65.84 - - [21/Jan/2002:20:24:20 -0600] "GET /owen/snpics.html HTTP/1.1" 200 2367 "http://www.wilson-brothers.com/owen/pictures.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
www.keanu.org 162.83.243.154 - - [21/Jan/2002:20:24:20 -0600] "GET /ssi/style.css HTTP/1.1" 302 226 "http://www.keanu.org/photos/sessions/sessions6.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)"
xfphotos.fredfarm.com 66.130.201.79 - - [21/Jan/2002:20:24:20 -0600] "GET /season2/ascension/index0004.html HTTP/1.1" 200 11258 "http://xfphotos.fredfarm.com/season2/ascension/index0003.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)"
tere.fredfarm.com 63.25.107.15 - - [21/Jan/2002:20:24:20 -0600] "GET /collages/duo/you_are_everything.jpg HTTP/1.1" 200 209355 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
www.keanu.org 162.83.243.154 - - [21/Jan/2002:20:24:20 -0600] "GET /store/2002calendar.jpg HTTP/1.1" 302 235 "http://www.keanu.org/photos/sessions/sessions6.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)"
www.celebrity-exchange.com 24.64.196.170 - - [21/Jan/2002:20:24:20 -0600] "GET /men/ads/ads.pl?iframe;member=jamiee HTTP/1.1" 200 275 "http://vin.gerl.org/" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; MSN 6.1; MSNbMSFT; MSNmen-ca; MSNc00)"
www.duchovny.net 64.12.97.6 - - [21/Jan/2002:20:24:20 -0600] "GET /mulder/episodes/suz/suz114tn.jpg HTTP/1.0" 200 4699 "http://www.duchovny.net/mulder/mulder18.htm" "Mozilla/4.0 (compatible; MSIE 5.0; AOL 5.0; Windows 98; DigExt)"
www.leonionline.com 209.186.151.244 - - [21/Jan/2002:20:24:20 -0600] "GET /graphics/excellence.gif HTTP/1.1" 302 242 "http://www.leonionline.com/photos/mags6.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)"
www.duchovny.net 64.228.42.136 - - [21/Jan/2002:20:24:20 -0600] "GET /graphics/netspace.gif HTTP/1.0" 302 225 "http://shippers.fredfarm.com/multimedia/index.htm" "Mozilla/4.75 [en]C-SYMPA (Win98; U)"
www.duchovny.net 24.77.121.27 - - [21/Jan/2002:20:24:20 -0600] "GET /graphics/netspace.gif HTTP/1.1" 302 237 "http://www.duchovny.net/photos/awards/index.htm" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98; Compaq)"
www.duchovny.net 24.77.121.27 - - [21/Jan/2002:20:24:20 -0600] "GET /images5/pool/sitesearch.gif HTTP/1.1" 302 243 "http://www.duchovny.net/photos/awards/index.htm" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98; Compaq)"
www.duchovny.net 162.83.243.154 - - [21/Jan/2002:20:24:20 -0600] "GET /graphics/netspace.gif HTTP/1.1" 302 237 "http://www.keanu.org/photos/sessions/sessions6.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)"

What exactly am I looking for? :bawling:

OK, I found an IP address using the disabled script. Now how do I find out who owns it? <sheepish grin>

www.celebrity-exchange.com 24.38.180.165 - - [22/Jan/2002:22:07:09 -0600] "GET /links/directory/add.cgi HTTP/1.0" 200 29386 "http://www.celebrity-exchange.com/" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98)"
www.celebrity-exchange.com 24.38.180.165 - - [22/Jan/2002:22:07:09 -0600] "GET /links/directory/add.cgi HTTP/1.0" 200 29386 "http://www.celebrity-exchange.com/" "Mozilla/4.0 (compatible; MSIE 6.0b;

OK, I figured that an IP address was the same as a domain name so I went to a WHOIS search and entered the addresses. Well, my problem now is that there isn't just one singled out address! There are several. A different one everytime I catch one. Does anyone know what this means? :bawling: HELP!