Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Strange loglines in apache log

Posted on 2012-09-21
10
Medium Priority
?
504 Views
Last Modified: 2012-10-02
Hi, i see strange loglines in apache error log like:

[Fri Sep 21 10:00:30 2012] [client 31.x.x.x] File does not exist: /home/xxx/public_html/NULL, referer: http://www.xxx.xxx/xxx.html

The pages are present and seem alright, it happens with legitimate customers, and also just visitors

What makes it direct to /NULL?
0
Comment
Question by:PeterdeB
  • 4
  • 2
  • 2
  • +1
10 Comments
 
LVL 6

Expert Comment

by:g3nu1n3
ID: 38421594
If could be possible that someone has an old link to something you no longer host, or possibly someone just trying to see what you have on your site with maybe like a crawler or scraper. You should further investigate the frequency at which you are getting the requests and IPs they are coming from if not all from the same IP address. If you notice anything suspension in these regards, you can setup a block either using your control panel, firewall, or .htaccess file.

If you are savvy enough, or have assistance, you can create a script to specifically log requests to the URL returning these errors or the referrers/IPs that are causing the server to generate them.
0
 
LVL 81

Expert Comment

by:arnold
ID: 38421771
Your server's log settings are limiting to a point that it is not clear what the request was that it received.
Resetting the log to reflect more detail on the request.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 1332 total points
ID: 38423667
Are there any redirects set on the referring page?
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 

Author Comment

by:PeterdeB
ID: 38424333
Hi, thanks all, I think I have found the error, but I am already satisfied somewhat if I can assure that it is not some kind of virus or succesful hacking attempt. Could the info down under, result in the NULL loglines?

URL   `http://www.cameratotaal.com/tell_a_friend.php' 
Parent URL  {http://www.cameratotaal.com/yongnuo-wireless-remote-control-d300d3-p-1540.html}, line 464, col 40 ({HTML}) ({CSS}) 
Base  http://www.cameratotaal.com/ 
Real URL  {http://www.cameratotaal.com/-p-.html?osCsid=32f08a3a32814bd3726e82896e3730a3} 
Size  25.66KB 
Check time  1.930 seconds 
Info  Redirected to `http://www.cameratotaal.com/-p-.html?osCsid=32f08a3a32814bd3726e82896e3730a3'.
Server `Apache/2' did not support HEAD request; a GET request was used instead. 
Warning  HTTP 301 (moved permanent) encountered: you should update this link. 
Result  Error: recursive redirection encountered: http://www.cameratotaal.com/tell_a_friend.php => http://www.cameratotaal.com/-p-.html?osCsid=32f08a3a32814bd3726e82896e3730a3 => http://www.cameratotaal.com/-p-.html?osCsid=32f08a3a32814bd3726e82896e3730a3 

Open in new window

0
 
LVL 6

Expert Comment

by:g3nu1n3
ID: 38427157
Are you sure the .html files referenced here belong to you? tell_a_friend.php has been heavily exploited.
0
 

Author Comment

by:PeterdeB
ID: 38444671
hey yes they belong to me, how can they exploit it?
0
 
LVL 81

Assisted Solution

by:arnold
arnold earned 668 total points
ID: 38444775
Tell a friend is presumably an email/sms gateway.
It can be used to spam.
HTML are usually static it tems of processing, some requests have ?query_string_data this suggests either a search engine messed up by not stripping their identifier when redirecting or your setup is such that the site config is to pass all requests to an internal script.
0
 
LVL 48

Accepted Solution

by:
Tintin earned 1332 total points
ID: 38447870
According to http://redirectdetective.com/ you have a redirect loop.
0
 

Author Comment

by:PeterdeB
ID: 38455276
Everyone thanks for helping me out
0
 

Author Closing Comment

by:PeterdeB
ID: 38455293
Thanks
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question