1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Help to understand that row of log

Discussion in 'Traffic Analysis' started by gbonline, Jun 29, 2012.

  1. #1
    hi at all, it'my first post, i'm a newbie in webmaster
    but i would like to know something about a strange rows that i find in the apache access log, something like that:

    86.19.164.185 - - [10/Jun/2012:10:39:01 +0200] "K\xcc\xfb\xef\xb1$cl\vG\x12\\]\xdb\xe7\xf3\x81\x07+W\x1c\xfbqy;C\xce\xcf#\x9c\xdeM\x1c&\x1bU" 400 338 "-" "-"

    94.41.71.125 - - [10/Jun/2012:19:25:43 +0200] "\xa1f\x98\xec" 200 45626 "-" "-"

    186.124.61.185 - - [11/Jun/2012:03:29:26 +0200] "\xf1%\xb2uA:[<d\x15\xe6\xde\x15\xa8\x7f\x1b;m*\xf3\x8a3/H\x9f\xea\x17\xb4i\t\xd6\r\xa7t\x82\xc8;\xae\xe4\xca\xe7f" 400 338 "-" "-"

    86.123.217.229 - - [11/Jun/2012:21:29:27 +0200] "\xb2[Z\xefR_\x0e;\xea\x8b\xbaH&\xebc\x88\xecP\xca\x9b\xb4\xef" 200 45626 "-" "-"

    i found those rows with different sequence of code sometimes with the error 400 but sometimes with the return code 200

    in the error.log there a correspondant row like
    SEMrush
    [Sun Jun 10 10:39:01 2012] [error] [client 86.19.164.185] Invalid URI in request K\xcc\xfb\xef\xb1$cl\vG\x12\\]\xdb\xe7\xf3\x81\x07+W\x1c\xfbqy;C\xce\xcf#\x9c\xdeM\x1c&\x1bU

    for the accees.log row with the 400 return code
    could someone explain what it mean?

    my machine is a debian 5 vm with standard installation of apache2 with suhoshin (like installed from reposistory)
    thank's a lot to all

    Giorgio
     
    gbonline, Jun 29, 2012 IP
    SEMrush
  2. wilderness

    wilderness Member

    Messages:
    43
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    43
    #2
    The URI gibberish is likely some kiddie script.

    There is however a more pressing issue.

    No webmaster should allow any visitors whom fail to abide by RFC Protocol in identifying themselves with a "vaild" User-Agent.
    Blank User-Agents are not vaild.

    At the very end of your log lines are the following "-" "-".
    The first portion is for a blank referral and is quite comon these days.
    The second portion is the blank User-Agen and should be denied access to your site (s).
     
    wilderness, Jul 6, 2012 IP
  3. atxsurf

    atxsurf Peon

    Messages:
    2,394
    Likes Received:
    21
    Best Answers:
    1
    Trophy Points:
    0
    #3
    what language your site in and does it use non-latin characters in URLs? Sometimes robots get confused by unicoded URLs and trying to access such garbage looking urls that obviously don't exist on the server
     
    atxsurf, Jul 29, 2012 IP