I'm doing a study of log-files from an Apache server. Here is one of the lines out of the logfiles i have.
87.118.96.104 - - [16/Jul/2008:06:28:08 +0800] "GET
http://scissec.scis.ecu.edu.au/educom/themes/Prairie/images/.tmp/index.php?p=cheap-zyrtec HTTP/1.0" 400 226 "
http://scissec.scis.ecu.edu.au/educom/themes/Prairie/images/.tmp/index.php?p=cheap-zyrtec" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050224 Firefox/1.0.2"
I would like to know why this request looks like it comes from
http://scissec.scis.ecu.edu.au/educom/themes/Prairie/images/.tmp/index.php?p=cheap-zyrtec" when that has nothing to do with the site.
I can see the status code returned was 400, so the request was invalid, but i'm curious to know how the
p=cheap-zyrtec got there? It is probably possible for someone to type it, but is there another way it can appear automatically?
Also what does the
Gecko/20050224 Firefox/1.0.2 mean?
It means that the request came from someone using Mozilla FireFox browser version 1.0.2