forum.excito.org

I have logwatch set up to email me a breakdown of everything that's happened on my B3 in the last 24 hours. One of the things it does is list all the 404 requests logged by Apache.

There's often 404s for URLs like /phpmyadmin and such like which make sense, but also there are often 404s logged for completely different domains. For example, this morning it's logged a 404 for http://www.cookham.com/about/images/resurrection1.jpg. Can anyone explain what that's about? cookham.com is a genuine domain and that particular URL does exist. Just to be clear, I have absolutely nothing to do with this domain.

Thanks.

I would say that someone somewhere in the world has problems with their DNS so that www.cookham.com points to your IP instead of where it's supposed to point. Kinda weird, but it doesn't feel like anything for you to worry about.

/Daniel

DanielM wrote:I would say that someone somewhere in the world has problems with their DNS so that http://www.cookham.com points to your IP instead of where it's supposed to point. Kinda weird, but it doesn't feel like anything for you to worry about.

/Daniel

That's an interesting idea. Now I'm wondering if all these requests are coming from the same person or subnet. Unfortunately, logwatch doesn't tell me what IP address the requests are coming from. I will delve into the Apache logs to see if there's anything in there.

If you see this a lot, it might be worthwhile to create your own 404 page that does specialized logging for this in csv format so you can easily analyze in any spreadsheet application. It might even be you

OK, I got the IP addresses from the apache logs and I've done a whois on the first handful and got quite a range of results - some from Russia, Latvia, Sweden and the USofA. The one that gets more hits than all others is from China. Very weird.