HomeBuilding Your WebsiteServer Management

Something I don't understand in my log file

needforspeed posted this at 21:21 — 7th July 2005.

They have: 6 posts

Joined: Jul 2005

70.85.219.82 - - [07/Jul/2005:01:01:17 -0500] "GET <a href="http://premiumproxies.com/scan_test/?check_hash=427637a2d13de9bc09b1415f1d40a1ca" class="bb-url">http://premiumproxies.com/scan_test/?check_hash=427637a2d13de9bc09b1415f1d40a1ca</a> HTTP/1.0" 404 7996 "-" "-"
70.85.219.82 - - [07/Jul/2005:01:01:18 -0500] "CONNECT 67.19.242.90:80 HTTP/1.0" 200 7462 "-" "-"
217.107.222.75 - - [07/Jul/2005:01:15:41 -0500] "GET / HTTP/1.1" 403 301 "http://dating-s.net/umax/sitemap/" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"            
'

I have these lines in my log file and I can't find any info on premiumproxies.com or why/how GET is supposed to get that on my server. I've googled and got nothing, loading that page in a browser just gives me numbers and letters, and premiumproxies dot com is a blank page. I also don't understand the CONNECT in the log, I know GET though.

Also, dating-s dot net has been referring people to my site like crazy, but a link to my site isn't on there. Anybody know anything about that site? When I google for info on it I get a bunch of posts made that are linking to it, looks like a spam referrer bot or something. I've got a lot of other entries in my log for insertsomewordhere.dating-s.net and it looks like there is another site that is doing it too (somthing.bin.ru), both started at around the same time. I've setup a .htaccess file that gives *.dating-s.* a 403 error.

Just looking for some help here, I just signed up Smiling Wish I would have known about this site before!

CptAwesome posted this at 22:58 — 7th July 2005.

CptAwesome's picture

He has: 370 posts

Joined: Dec 2004

I haven't seen any info on Premium Proxies, but could be that it's some sort of proxy server? and it gathers the info from your site, and passes it back to whoever is using it? That or not passing info back, just posting info to your page from some sort of spam bot.

dating-s is probably the same idea, trying to find sites to spam.

As for the CONNECT, I found an article on it: http://www.kb.cert.org/vuls/id/150227

needforspeed posted this at 23:13 — 7th July 2005.

They have: 6 posts

Joined: Jul 2005

Thanks for the reply and link. It looks like the link is saying that it could be used inappropriately, but Apache is not vulnerable. I learned more about these spam bots, I wonder if using the .htaccess to redirect these hits back to themselves to waste their own bandwidth would be a good idea? I'll just let it return the 403 error for now.

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.