hwg-servers archives Dec 1999 new search results previous next

Re: Apache Log question

by "Diana Petersen" <dixiedi(at)pclnet.net>

 Date:  Fri, 3 Dec 1999 11:10:08 -0000
 To:  <hwg-servers(at)hwg.org>
 References:  nidlink rcbowen
  todo: View Thread, Original 
I thought that was the cause of the problem, but my response is not to the
question, but the answer! I've had a problem with folks leaving their custom
graphics on my site. I think you just gave me the answer to the problem! I
won't use anything vulgar, but can you picture a Arabian horse farm with a
really horrible logo I made for a kid into punk rock, something about wicked
clowns (?) ... I love it, thanks!
Diana
http://www.webdesigns-4-you.com/
----- Original Message -----
From: "Rich Bowen" <rbowen(at)rcbowen.com>
To: "Bob Minnick" <bobmin(at)nidlink.com>
Cc: <hwg-servers(at)hwg.org>
Sent: Friday, December 03, 1999 3:28 PM
Subject: Re: Apache Log question


> Bob Minnick wrote:
> >
> > Friends,
> >  While going thru both the log entries (in raw format) and the analyzer
> > output, I came to the suspicision that someone may be helping themselves
> > to some of our bandwidth by re-using our images. The log files weren't
> > much of a help in the matter, although there was one consistant entry
> > which was wierd to say the least.
> >
> >  This entry;
> >
> > cf1.texas.rr.com - - [03/Dec/1999:03:15:34 -0500] "GET
> > /bc/images/IMG00001.GIF HTTP/1.0" 200 7039 "-" "Mozilla/3.01 (compatib
> > le;)"
> >
> >  The image IMG0001.GIF is one of the images we suspect someone of
> > "borrowing" and this is the entire entry for this particular access. I
hope
> > you'll note this is an improper log entry, no referrer is listed. And in
fact,
> > the origin point, cf1.texas.rr.com seems to be nonexistant as well.
> >
> >  I am curious as to why an incomplete entry exists in the apache logs,
and
> > if there is any way of tracing down this particular entry to find the
correct
> > point. I will also point out that in regard to the images in question,
this
> > entry is the ONLY log entry which does not refer back to our calling
html.
> >
> >  Any thoughts?
>
> A log entry with no referer simply means that the image was fetched by
> someone (or a bot) fetching a URL directly. For example, typeing in the
> address directly. Or a bot that is simply not configured to send the
> REFERER information, such as Perl/LWP or some other program.
>
> Your first response should be to either remove/rename the image, or,
> better yet, replace it with a multi-megabyte full color picture of, say,
> your goldfish. That should make them stop real quick.
>
> Secondly, you should contact webmaster(at)rr.com and inform him/her of this
> activity, and put in a few gentle reminders about international
> copyright law. Might not apply, but usually gets something done. rr.com
> is an ISP, and so cfl.texas.rr.com is probably a proxy or dialup host
> that is behind their firewall, and hence unreachable to you. This does
> not mean that the host does not exist, it's just invisible to you.
>
> There's a good chance that the ISP will just handle this for you, and
> this behavior will stop. If that does not happen, Apache makes it very
> easy for you to deny requests from a particular host. In the affected
> directlry, put a .htaccess file containing:
>
> order allow,deny
> allow from all
> deny from rr.com
>
> Or, if you want to be a little more friendly (to rr.com users in
> general) use
>
> deny from texas.rr.com
>
> This will solve the problem immediately, as that host will be unable to
> get these files no matter what tricks they employ.
>
> Rich
> --
> http://www.ApacheUnleashed.com/
> Lexington Perl Mongers - http://lexington.pm.org/
> PGP Key - http://www.rcbowen.com/pgp.txt
>

HWG: hwg-servers mailing list archives, maintained by Webmasters @ IWA