Hi there,

Looking through my server stats I've ntoiced a few weird referers, most notably:

xxxx:++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

And also:

Field blocked by Outpost (http://www.agnitum.com)

I understand Outpost is a firewall but how does that relate to referers? Would this be a direct request by someone using Outpost maybe?

i've got a proxy that says it has an option to block referrers. i've never tried ( probably never will ), but as i understand it, it messes with the http header. i'm guessing that Outpost is doing the same, and almost assuredly at the user's request. as for the other one, i would guess it's probably the same type of thing

Some http filtering softwares, proxies or firewalls remove some headers, either for security, privacy or client restrictions. Referer, User-Agent and Server are common to blank out or edit.

Nimda leaves strings of X's. I'll post a line from my log (wrapped so the forum isn't screwed up). Was it anything like this?
217.34.182.179 - - [29/Mar/2003:22:23:33 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb d3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 267