[thelist] Weird 404s - not from our server
Paul Cowan
paul at wishlist.com.au
Mon Jun 25 20:36:11 CDT 2001
Hi all,
This is not really an important issue, but I'd love to hear some ideas.
A little while ago, I set up a custom 404 handler in IIS, so that when any
404 error occurs, our development team get emailed:
- The URL accessed
- The "MemberID" of the logged-in member
- Any query parameters
- Any CGI server variables.
- etc.
This seems a bit excessive, but it's worth it for the reaction you get when
a webmaster somewhere puts a broken link to our site live, and we email them
within a few minutes pointing out their error... also helps us keep our
internal links tidy, spot missing images, etc.
Anyway, the problem is, ever since inception, we get emails like the
following (this example chosen for its outlandishness):
[AUTOMATED MESSAGE] A customer tried to access the following page:
URL Accessed: http://hardcore.sexplanets.com/buran/t111.jpg
HTTP Referrer: [Direct Link]
Member ID: [NULL]
Server: our.server.ip.here
User IP Info: some.user.ip.info
Server Variables:
=================
HTTP_ACCEPT:*/*
HTTP_CONNECTION:keep-alive
HTTP_HOST:hardcore.sexplanets.com
HTTP_USER_AGENT:Mozilla/4.75 [en] (Windows 5.0; U)
HTTP_VIA:some-proxy-server.somewhere.blob
HTTP_CACHE_CONTROL:public
HTTP_X_FORWARDED_FOR:some.user.private.ip.here
... etc ...
(it is not recommended that you visit hardcore.sexplanets.com during working
hours).
So, my question is this: hardcore.sexplanets.com does not resolve to our IP
address. How on earth is our server getting HTTP requests for that site?
This happens moderately often (several times a week), often with multiple
sites in the space of a few minutes. It's possible someone has a dodgy DNS
that is somehow thinking that hardcore.sexplanets.com actually has our IP
address -- but this doesn't seem to fit.
It's not a particular ISP or anything either. My best guess is that the
browser in question has some thread-safety issue, where it mistakenly sends
request from window A (lustily browsing hardcore.sexplanets.com) through to
window B (innocently browsing wishlist.com.au), but it doesn't seem to be
right - we've had requests do this from both NS 4 and IE 5 in the past, so
it's unlikely to be a browser problem.
Any ideas? How would we be getting, from a variety of sources, HTTP requests
which don't even belong to our server?
Help.....
Cheers,
Paul Cowan
wishlist.com.au
More information about the thelist
mailing list