PDA

View Full Version : Error_log Message Question



RMD
07-06-2010, 11:38 PM
I'm seeing varying IP entries resulting in errors. It's hitting the same page simultaneously several times, then moving to another page and repeating the simultaneous access. I used DomainTools.com to check a few. They're all from a satellite company. One IP was on a dedicated server with 1 or 2 domains (which didn't load). Entries are like this:

File does not exist: /var/www/html/static, referer: http:// mysite.com/mypage.html (most are like this)

File does not exist: /var/www/html/js, referer: http:// mysite.com/mypage.html

File does not exist: /var/www/html/__utm.gif, referer: http:// mysite.com/mypage.html

The pages are all live, functioning pages. Can anyone shed any light on this?

wildjokerdesign
07-07-2010, 06:39 AM
__utm.gif is part of Google Analytics. Does that shead any light on things for you. :) Have a look at this post over at Webmaster World http://www.webmasterworld.com/google_adwords/3584692.htm

RMD
07-07-2010, 06:48 AM
Actually, no. I don't use Google Analytics.

wildjokerdesign
07-07-2010, 06:54 AM
What type of htm pages are they? Do they perhaps display anything from another site like images or RSS feeds?

RMD
07-07-2010, 09:53 PM
It's an affiliate site, so pages may contain banners from merchants. However, most of the pages being hit do not have banners from other merchants. The utm.gif reference does not occur frequently, it's the var/www/html/static that appears the most, then the /js & then /pagead.

wildjokerdesign
07-08-2010, 07:00 AM
Well it is not uncommon for hackers/spammers to look for URL's on domains that they know might have something like a form or script that they can abuse. Nothing you can really do about that aside from make sure that any scripts are forms you do use are secure. :) I wouldn't worry about it.

RMD
07-08-2010, 08:01 AM
I'm in the process of banning such IPs & other bots as in the past 2-3 months, I started regularly receiving "server reached MaxClients setting" and my site wasn't reacheable until they left. This has substantially reduced the problem.

wildjokerdesign
07-08-2010, 10:08 AM
Ahh... ok I see. Don't forget that spammers and hackers are normally fake their IP. Banning by IP can lock out a real user. It looks like you are researching the IP's so that may not be an issue for you but wanted to mention it. Say the IP traces back to something like road runner or some other ISP, then it could mean that it was faked by the spammer.

RMD
07-08-2010, 03:54 PM
Yes, I do realize that, but always appreciate the reminder. It's so easy to forget the obvious when you're stressed out, and believe me, I've made that mistake before.

Am carefully checking what I can, as far back as I can. I've seen U.S. IPs that traced back to Africa/Asian/Middle East ownership. It's a complicated stew, but I'm muddling my way through. There were a lot of other things to fix or tweak as well, but all seems to be calming down (sssssshh!).