View Full Version : xxxx:+++++++++ (Odd server stats)

03-29-2003, 11:38 PM
Hi there,

Looking through my server stats I've ntoiced a few weird referers, most notably:


And also:

Field blocked by Outpost (http://www.agnitum.com)

I understand Outpost is a firewall but how does that relate to referers? Would this be a direct request by someone using Outpost maybe?

03-29-2003, 11:43 PM
i've got a proxy that says it has an option to block referrers. i've never tried ( probably never will ), but as i understand it, it messes with the http header. i'm guessing that Outpost is doing the same, and almost assuredly at the user's request. as for the other one, i would guess it's probably the same type of thing

03-29-2003, 11:44 PM
Some http filtering softwares, proxies or firewalls remove some headers, either for security, privacy or client restrictions. Referer, User-Agent and Server are common to blank out or edit.

03-30-2003, 04:44 AM
Nimda leaves strings of X's. I'll post a line from my log (wrapped so the forum isn't screwed up). Was it anything like this? - - [29/Mar/2003:22:23:33 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb d3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 267