[Scottish] [OT] Strange Apache Log Entries - Can Anyone Identify
?
Jonathan Riddell
scottish at mailman.lug.org.uk
Wed May 21 00:08:00 2003
On Mon, 19 May 2003, William Anderson wrote:
> Jim Jarvie wrote:
> > I've been checking a friends web site logs (apache, obviously) which has
> > EarlyBird installed to catch the Nimda/Code Red IIS worms and mail an
> > auto-complaint to the offenders.
> >
> > However, a new entry has appeared since last week which I've been unable
> > to identify and which EarlyBird ignores. Save from a single mention on
> > the Dshield mailing list which never actually identified the cause I
> > can't find any information to suggest what is happening. These requests
> > have never been seen in the logs before 15 May, tailed off dramatically
> > at the weekend (i.e. Whatever was switched off ?) and have come back
> > big-time today (presumable, switched back on on (!) Monday morning).
> >
> > [snip]
>
> I'm guessing it's people scanning for iTunes 4 servers ...
You could change the log format to combined to confirm this from the
user-agent.
Jonathan Riddell