-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
My web logfile has these strange entries coming from the same IP
address, all relatively close together, but not so close that it looks
automated:
GET /spotcheckframe.php?device_id=557202&cnt=8
HEAD /spotcheck.php
GET /spotcheck.php_files/header_top.jpeg
GET /
POST /login.php
GET /index.html
GET /reportspec.php
GET /reportspec.php_files/header_top.jpeg
GET /viewdevices.php
GET /viewdevices.php_files/header_top.jpeg
This is the browser ID:
"Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU; rv:1.7) Gecko/20040803
Firefox/0.9.3"
Things I don't get:
1) Why the "HEAD" request for the page you just got the full version of
(a page that they requested several times before)?
2) Why request "/" and then "/index.html"? They would have had to
manually type "/index.html", there isn't a link to it on our site I
don't think.
3) What is with the mangled file names right after the correct name is
requested (e.g. "reportspec.php" followed by
"reportspec.php_files/header_top.jpeg")?
4) Where did "header_top.jpeg" come from anyway, the file on our server
is ".jpg", not ".jpeg"?
5) What is the "ru-RU" add-in for FireFox?
If anyone can shed some light on this I would appreciate it.
- --
Thank you,
Kirby Angell
Get notified anytime your website goes down!
http://www.alertra.com
key: 9004F4C0
fingerprint: DD7E E88D 7F50 2A1E 229D 836A DB5B A751 9004 F4C0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBnAlG21unUZAE9MARAtEuAJ9YbtjrZzBshKUPHm7MUKoDn5a50ACfV2A3
Lpuvd/tC+EGgyRDclJ6OIus=
=f/tA
-----END PGP SIGNATURE-----
