Results 1 to 13 of 13
  1. #1

    hundreds of errors in error log?

    I have a client who has been looking at his error logs through cpanel and is noticing hundreds of errors per day many of which don't make any sense. All coming from a few IP addresses. Many of them are requests to directories that do not have an index.html file. There would be no reason to request such a path by clicking through the site, since links go direclty to the files within the directories.

    Here is an example of one of the error lines:
    [Thu Nov 6 11:09:58 2003] [error] [client 65.102.23.169] Directory index forbidden by rule: /home/drbon/public_html/Information/allergies/

    Any ideas what this might be?

  2. #2
    Join Date
    Aug 2002
    Location
    UK
    Posts
    846
    Yes, someone is trying to view the contents of the website, I know if I view a page on a site and want the index I drag my mouse upwards (in firebird with radialcontext it goes up a level)

    I take it you know what the error means?

  3. #3
    Yes. I know what it means. But it doesn't make sense. There are so many, every day. He doesn't get that much traffic. That's not typical browsing behavior.

  4. #4
    Join Date
    Aug 2002
    Location
    UK
    Posts
    846
    Look at the times and IPs, any correspondance or correlation?

  5. #5
    Yes. They come in groups. Minutes apart.
    Same IP except the last three digits change rotating through 3 or 4 different IPs.

    Here's a whole bunch of examples:
    1:09:59 2003] [error] [client 65.102.23.161] Directory index forbidden by rule: /home/drbon/public_html/Information/allergies/
    [Thu Nov 6 11:09:59 2003] [error] [client 65.102.23.153] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:59 2003] [error] [client 65.102.23.153] Directory index forbidden by rule: /home/drbon/public_html/Information/allergies/
    [Thu Nov 6 11:09:58 2003] [error] [client 65.102.23.169] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:58 2003] [error] [client 65.102.23.169] Directory index forbidden by rule: /home/drbon/public_html/Information/allergies/
    [Thu Nov 6 11:09:58 2003] [error] [client 65.102.12.225] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:58 2003] [error] [client 65.102.12.225] Directory index forbidden by rule: /home/drbon/public_html/Information/allergies/
    [Thu Nov 6 11:09:55 2003] [error] [client 65.102.23.161] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:55 2003] [error] [client 65.102.23.161] Directory index forbidden by rule: /home/drbon/public_html/Information/allergies/
    [Thu Nov 6 11:09:43 2003] [error] [client 65.102.23.161] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:43 2003] [error] [client 65.102.23.161] Directory index forbidden by rule: /home/drbon/public_html/Information/eating_disorders/
    [Thu Nov 6 11:09:42 2003] [error] [client 65.102.23.153] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:42 2003] [error] [client 65.102.23.153] Directory index forbidden by rule: /home/drbon/public_html/Information/eating_disorders/
    [Thu Nov 6 11:09:42 2003] [error] [client 65.102.23.169] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:42 2003] [error] [client 65.102.23.169] Directory index forbidden by rule: /home/drbon/public_html/Information/eating_disorders/
    [Thu Nov 6 11:09:42 2003] [error] [client 65.102.12.225] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:42 2003] [error] [client 65.102.12.225] Directory index forbidden by rule: /home/drbon/public_html/Information/eating_disorders/
    [Thu Nov 6 11:09:41 2003] [error] [client 65.102.23.161] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:41 2003] [error] [client 65.102.23.161] Directory index forbidden by rule: /home/drbon/public_html/Information/eating_disorders/
    [Thu Nov 6 11:09:30 2003] [error] [client 65.102.23.161] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:30 2003] [error] [client 65.102.23.161] Directory index forbidden by rule: /home/drbon/public_html/Information/sleep_disorders/
    [Thu Nov 6 11:09:29 2003] [error] [client 65.102.23.153] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:29 2003] [error] [client 65.102.23.153] Directory index forbidden by rule: /home/drbon/public_html/Information/sleep_disorders/
    [Thu Nov 6 11:09:29 2003] [error] [client 65.102.12.225] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:29 2003] [error] [client 65.102.12.225] Directory index forbidden by rule: /home/drbon/public_html/Information/sleep_disorders/
    [Thu Nov 6 11:09:29 2003] [error] [client 65.102.23.169] File does not exist: /home/drbon/public_html/403.shtml
    [Thu Nov 6 11:09:29 2003] [error] [client 65.102.23.169] Directory index forbidden by rule: /home/drbon/public_html/Information/sleep_disorders/

  6. #6
    Join Date
    Aug 2002
    Location
    UK
    Posts
    846
    From that, I would say it's either automated software, or some crazy client, what's the client header?

  7. #7
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    3,100
    It is some kind of spider.

    Web content International WEBCO-4-2-PDX (NET-65-102-23-152-1)

    I would block these IPs right on firewall.
    65.102.23.152 - 65.102.23.159
    65.102.12.224 - 65.102.12.231

  8. #8
    That was my suspicion. Where did you get this data:

    Web content International WEBCO-4-2-PDX (NET-65-102-23-152-1)

    I will suggest IP blocking to the client since he can do that himself through his control panel.

    Thanks!

  9. #9
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    3,100
    Originally posted by remorse
    That was my suspicion. Where did you get this data:

    Web content International WEBCO-4-2-PDX (NET-65-102-23-152-1)
    ethx@monalisa:ethx$ whois 65.102.23.153
    U S WEST Internet Services USW-INTERACT99-2BLK (NET-65-100-0-0-1)
    65.100.0.0 - 65.103.255.255
    Web content International WEBCO-4-2-PDX (NET-65-102-23-152-1)
    65.102.23.152 - 65.102.23.159

    # ARIN WHOIS database, last updated 2003-11-06 19:15

  10. #10
    Hm. You got me. When I do a whois on those IPs I get no result.

  11. #11
    Never mind. I get it. ARIN whois database. Thanks.

  12. #12
    I am having exactly the same problem. I cannot believe the previous post was from 2003. Here we are more than two years later and it is still going. From the same IP addresses! Plus a couple more: 71.39.13.57 and 65.102.12.225. How can we stop these people? Unfortunately I cannot block these IP addresses at my gateway or my server. Neither firewall will let me block individual IP addresses. (Qwest Actiontec DSL gateway and Windows XP Professional firewall). I am using IIS 5.1 which has that feature greyed out. As far as I can see, all he is doing is cluttering up my log. He is using very little bandwidth and is not blocking my site. So I dont get it. He apparently has a script which generates a GET /(folder) over and over. All it gets him is a 403. Still, its a pain. All suggestions gratefully accepted. (All his IPs are Qwest, by the way).

  13. #13
    Join Date
    Nov 2005
    Posts
    188
    /robots.txt
    apex13 - http://www.apex13.com/
    stream13 - coming soon

  14. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •