DeveloperSide.NET Forums

DeveloperSide.NET => Web.Developer Server Suite Community Edition,
Public Support Forum => Topic started by: whitmaugh on February 20, 2010, 09:50:15 PM



Title: Strange errors in access.log
Post by: whitmaugh on February 20, 2010, 09:50:15 PM
I checked my access.log the other day and this is what I got (these are just snippets of a lengthy log)...
Quote

[Sat Feb 20 21:38:33 2010] [notice] ModSecurity for Apache 2.1.3 configured
[Sat Feb 20 21:38:34 2010] [notice] Apache/2.2.6 (Win32) mod_ssl/2.2.6 OpenSSL/0.9.8g PHP/5.2.5 configured -- resuming normal operations
[Sat Feb 20 21:38:34 2010] [notice] Server built: Sep 20 2007 14:13:35
[Sat Feb 20 21:38:34 2010] [notice] Parent: Created child process 5160
[Sat Feb 20 21:38:36 2010] [notice] ModSecurity for Apache 2.1.3 configured
[Sat Feb 20 21:38:37 2010] [notice] Child 5160: Child process is running
[Sat Feb 20 21:38:37 2010] [notice] Child 5160: Acquired the start mutex.
[Sat Feb 20 21:38:37 2010] [notice] Child 5160: Starting 250 worker threads.
[Sat Feb 20 21:38:37 2010] [notice] Child 5160: Starting thread to listen on port 443.
[Sat Feb 20 21:38:37 2010] [notice] Child 5160: Starting thread to listen on port 80.
[Sat Feb 20 21:38:47 2010] [error] [client 127.0.0.1] (20024)The given path misformatted or contained invalid characters: Cannot map GET
[Sat Feb 20 21:29:40 2010] [error] [client 127.0.0.1] File does not exist: C:/www/vhosts/localhost/ga.js, referer: http://www.brmb.co.uk
[Sat Feb 20 21:36:40 2010] [error] [client 127.0.0.1] File does not exist: C:/www/vhosts/localhost/ga.js, referer: http://www.devside.net/

I've got Malwarebytes and antivirus software, so I'm wondering how this could have happened.

The access.log is pretty much the same:
Quote
127.0.0.1 - - [20/Feb/2010:21:48:32 +0000] "GET /ga.js HTTP/1.1" 404 571 "http://www.malwarebytes.org/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729)"

Surely an external site shouldn't be trying to access my install of Webdeveloper, especially considering it isn't accessible from outside my own PC.

I wonder if it's because I blocked a load of adware via the HOSTS file as:
127.0.0.1   your-adware-here.com

Please can someone help?


Title: Re: Strange errors in access.log
Post by: admin on February 20, 2010, 10:22:48 PM
ga.js is the Google Analytics tracking script.

Quote
I wonder if it's because I blocked a load of adware via the HOSTS file as:

Could be... Anything of the form blocked-domain.tld\... in any webpage or ad display would go to 127.0.0.1


Title: Re: Strange errors in access.log
Post by: whitmaugh on February 20, 2010, 10:43:58 PM
ga.js is the Google Analytics tracking script.

Quote
I wonder if it's because I blocked a load of adware via the HOSTS file as:

Could be... Anything of the form blocked-domain.tld\... in any webpage or ad display would go to 127.0.0.1

Why does access.log show external sites I visited via my browser, and not just the localhost ones I set up with virtualhosts?
I'm confused...


Title: Re: Strange errors in access.log
Post by: admin on February 21, 2010, 02:50:35 PM
The Hosts file will cause the browser to resolve the specified domain names to the IP address of your system (127.0.0.1)...

If you are visiting a site and it has links (to ga.js, to ad servers, etc...) in it's source code that point to hosts that you are "127.0.0.1" in the Windows hosts file, those links will translate to access attempts to your local system / apache.


Title: Re: Strange errors in access.log
Post by: admin on February 21, 2010, 03:18:27 PM
Example: edit the Windows hosts file, add...
127.0.0.1 www.google.com

Save file. Go to the above URL. You should see it in your logs.


Title: Re: Strange errors in access.log
Post by: whitmaugh on February 21, 2010, 04:23:46 PM
Example: edit the Windows hosts file, add...
127.0.0.1 www.google.com

Save file. Go to the above URL. You should see it in your logs.

I see. So if they're blocked as 0.0.0.0 they don't appear in access.log ?


Title: Re: Strange errors in access.log
Post by: admin on February 21, 2010, 05:11:03 PM
I'm not sure what would happen with 0.0.0.0. That usually specifies "all interfaces"/IPs.


Title: Re: Strange errors in access.log
Post by: whitmaugh on February 22, 2010, 02:44:29 PM
I'm not sure what would happen with 0.0.0.0. That usually specifies "all interfaces"/IPs.

Blocking them as 0 seemed to do the trick.