New Message: Re: Frontier receives many requests for /undefined

webmaster at userland.com webmaster at userland.com
Tue Nov 28 16:10:37 CST 2006 

A new message was posted:

Address: http://manila.userland.com/discuss/msgReader$2127

By: Patrick Schwisow (pschwisow at waukeganschools.org)



Working with the Network Administrator, it was determined that these requests have come from over 100 machines within our school district. It is possible, but not likely, that we are suffering an attack from within the district.

A snippet from the log:

209.7.7.44 - - [28/Nov/2006:09:29:52 -0600] "GET /files/WHS/MarchingBandWsmall.jpg HTTP/1.0" 200 47122
0.0.0.0 - - [28/Nov/2006:09:29:52 -0600] "GET /whs/undefined HTTP/1.0" 404 340
209.7.7.44 - - [28/Nov/2006:09:29:52 -0600] "GET /image.css HTTP/1.0" 304 0
198.111.223.86 - - [28/Nov/2006:09:29:52 -0600] "GET /files/cspchem/CrimeScene.jpg HTTP/1.0" 200 9465
0.0.0.0 - - [28/Nov/2006:09:29:52 -0600] "GET /undefined HTTP/1.0" 200 0
0.0.0.0 - - [28/Nov/2006:09:29:52 -0600] "GET /undefined HTTP/1.0" 200 0
0.0.0.0 - - [28/Nov/2006:09:29:52 -0600] "GET /undefined HTTP/1.0" 200 0
0.0.0.0 - - [28/Nov/2006:09:29:52 -0600] "GET /undefined HTTP/1.0" 200 0
0.0.0.0 - - [28/Nov/2006:09:29:55 -0600] "GET /undefined HTTP/1.0" 200 0
0.0.0.0 - - [28/Nov/2006:09:29:55 -0600] "GET /undefined HTTP/1.0" 200 0
209.7.7.44 - - [28/Nov/2006:09:29:55 -0600] "GET /images/themes/bulletinboard/24headerBG.gif HTTP/1.0" 200 746
0.0.0.0 - - [28/Nov/2006:09:29:55 -0600] "GET /undefined HTTP/1.0" 200 0
209.7.7.44 - - [28/Nov/2006:09:29:55 -0600] "GET /files/WHS/MarchingBandWsmall.jpg HTTP/1.0" 200 47122
0.0.0.0 - - [28/Nov/2006:09:29:55 -0600] "GET /undefined HTTP/1.0" 200 0
209.7.7.44 - - [28/Nov/2006:09:29:55 -0600] "GET /images/themes/bulletinboard/24junction.gif HTTP/1.0" 200 1418
209.7.7.44 - - [28/Nov/2006:09:29:55 -0600] "GET /images/themes/bulletinboard/24junctionBG.gif HTTP/1.0" 200 1413
0.0.0.0 - - [28/Nov/2006:09:29:55 -0600] "GET /undefined HTTP/1.0" 200 0

Since 0.0.0.0 is not a valid IP address I am a bit concerned that blocking it could have other serious effects. I am also concerned that I would simply be masking the problem rather than solving it. Not all of the requests come from 0.0.0.0, but it is by far the most common "source".

Patrick

Dave, I am (somewhat) aware of your role with the company, but I appreciate the fact that you made it clear that you are not the "official" word. (Even though your name appears in the software!)

This is a Manila site... http://manila.userland.com/.

More information about the Manila-Users mailing list