PDA

View Full Version : repeated strange request to my webserver

raf
03-18-2004, 03:24 PM
I have a webserver running on my developmentmachine. This machine is connected to the web using a dynamic IP.

For a few hours now, i get request on port 80 (webserever) and always from the same IP (italien (rome) user). I block all request that come from another remote host because noone else has business on this webserver.

Because the request kept comming in each 5 minutes or so, i allowed it once to look at what page it requested.

This is the resulting record in my apache log

62.101.90.60 - - [18/Mar/2004:16:17:34 +0100] "GET /.hash=84fda4a217e032c82b38856ea00418f7f4af197c HTTP/1.1" 403 322

So the client got a 403 ("access forbidden, means that a request for a "bare" directory path has been made, no default directory index page is present and the site manager does not want a file listing displayed in its place").

What intiges me is filerequest
/.hash=84fda4a217e032c82b38856ea00418f7f4af197c

Anyone knows what the function of this hash etc is?
Spookster
03-18-2004, 04:00 PM
Looks like a p2p filesharing request. Typically Kazaa or WinMX. These programs have features to initiate downloads through the web by creating a link with a hash to identify a particular file. The p2p program creates a unique hash for each file. Somebody probably made a typo in the URL so the request is getting sent to your server instead.
raf
03-18-2004, 04:29 PM
Thanks for the info about the hash.

I looked into this because the request kept comming in (about every 5 minutes) which makes me think this is an automatically generated request. No big deal anyway ...
Spookster
03-18-2004, 04:53 PM
Maybe automated or it could just be many people clicking on the link.

Here is some more info on it

http://kazaasearch.narod.ru/KazaaHTTP.htm

Could even be that program which is some kind of automated search managment program for Kazaa.

http://kazaasearch.narod.ru/
firepages
03-19-2004, 12:16 AM
Its actually Spookster trying to hack you , but don't tell him I told you cos he gets quite agressive ;)
Spookster
03-19-2004, 12:46 AM
Originally posted by firepages
Its actually Spookster trying to hack you , but don't tell him I told you cos he gets quite agressive ;)

Shhhhhhhhhhh!!!!!!!! You gonna get us all busted. We're using PHPDev to do it so guess what you are now an accessory to the crime. :D
raf
03-19-2004, 01:09 AM
Originally posted by firepages
Its actually Spookster trying to hack you , but don't tell him I told you cos he gets quite agressive ;)
To late ! I already included that trojan you gave me, in all my pages. You know, the one that fills your complete screen with 'Firepages is here to turn up the heat!'.
I hope he'll at least goes after you first :D