This morning, Webalizer went nuts with a whole bunch of "Warning: Truncating oversized request field [line number]" messages. Over 450K worth. An investigation of my Apache logs shows requests like these: 130.225.77.30 - - [11/May/2001:12:17:26 -0800] "GET /sic/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stugov/stuweb.shtml HTTP/1.0" 401 4292 "-" "Mozilla 4.0 (compatible; HttpTool/0.1)" A lot of the requests are good, it looks like he was trying to traverse the tree. Every now and then, there are requests of the form: /~EgggNoggg/Testing/?D=A Is the ?D=A testing for some hole? Here are some other odd ones 130.225.77.30 - - [11/May/2001:11:33:06 -0800] "GET/~havolina/%20%20%20%20%20%20%20http://www.cicv.fr/creation_artistique/online/orlan/index.html HTTP/1.0" 404 386 "-" "Mozilla 4.0 (compatible; HttpTool/0.1)" 130.225.77.30 - - [11/May/2001:11:34:37 -0800] "GET /~ftrtp/?N=A HTTP/1.0" 200 698 130.225.77.30 - - [11/May/2001:11:34:37 -0800] "GET /~ftrtp/?N=A HTTP/1.0" 200 698 "-" "Mozilla 4.0 (compatible; HttpTool/ 0.1)" 130.225.77.30 - - [11/May/2001:11:34:40 -0800] "GET /~ftrtp/?M=D HTTP/1.0" 200 698 130.225.77.30 - - [11/May/2001:11:34:40 -0800] "GET /~ftrtp/?M=D HTTP/1.0" 200 698 "-" "Mozilla 4.0 (compatible; HttpTool/ 0.1)" 130.225.77.30 - - [11/May/2001:11:34:42 -0800] "GET /~ftrtp/?S=D HTTP/1.0" 200 698 130.225.77.30 - - [11/May/2001:11:34:42 -0800] "GET /~ftrtp/?S=D HTTP/1.0" 200 698 "-" "Mozilla 4.0 (compatible; HttpTool/ 0.1)" 130.225.77.30 - - [11/May/2001:11:34:45 -0800] "GET /~ftrtp/?D=D HTTP/1.0" 200 698 130.225.77.30 - - [11/May/2001:11:34:45 -0800] "GET /~ftrtp/?D=D HTTP/1.0" 200 698 "-" "Mozilla 4.0 (compatible; HttpTool/ 0.1)" Yes, I realized these are 11/May. These must have been buried under some other error messages in Webalizer, so I didn't catch them until now. Sorry. Any pointers would be great j----- k----- -- Joshua Kugler Associated Students of the University of Alaska Fairbanks Information Services Director isdat_private 907-474-7601
This archive was generated by hypermail 2b30 : Tue May 22 2001 - 17:05:58 PDT