Apache access & error logs showing unlawful use - need help


Post by johnthardman » 04. November 2009 05:50

Hi folks

I've got some weird stuff going on. For example, about every 4 seconds access & error log entries are being made by someone who is trying to go or get to store.apple.com/au/cart (this alone worries me greatly).

Here is a sample of both the access and error logs.

I'm using XAMPP 1.7.1 for Windows and running Joomla 1.5.14. It appears I have a vulnerability somewhere!

ACCESS LOG
21.208.91.229 - - [04/Nov/2009:15:02:50 +1100] "GET /40715998/?site=40715998&cmd=inPage&page=http%3A//store.apple.com/au/cart%3Fcid%3DAOSA10000026879&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=9422450535&scriptVersion=1.1&d=1257307370125&&PAGEVAR!ConversionStage=AOS%3A%20cart&PAGEVAR!Section=product%20selection&PAGEVAR!ErrorMessage=&SESSIONVAR!Conversion-Stage=AOS%3A%20cart&SESSIONVAR!Site-Section=product%20selection&cobrowse=true&cookie=asbid%3DsHHDKK4CPP7DFYHA4%3B%20dssid2%3D895E1633-839A-4A0B-A99B-28E5C2F6462B%3B%20s_campaign%3DAOSA10000026879%3B%20s_cc%3Dtrue%3B%20s_cvp35%3D%255B%255B%2527www.miniclip.com%2527%252C%25271226305888446%2527%255D%252C%255B%2527google%253A%2520organic%2527%252C%25271233022117912%2527%255D%255D%3B%20s_sq%3D%255B%255BB%255D%255D%3B%20s_vi%3D%5BCS%5Dv1%7C4821228600006E76-A290B28000006B4%5BCE%5D%3B%20s_vnum_us%3Dch%253Dip%2526vn%253D1%253B&title=Cart%20-%20Apple%20Store%20%28Australia%29&referrer= HTTP/1.1" 404 1305

124.191.112.55 - - [04/Nov/2009:15:02:53 +1100] "GET /40715998/?site=40715998&cmd=inPage&page=http%3A//store.apple.com/au/cart&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=8699907620&scriptVersion=1.1&d=1257307373091&&PAGEVAR!ConversionStage=AOS%3A%20cart&PAGEVAR!Section=product%20selection&PAGEVAR!ErrorMessage=&SESSIONVAR!Conversion-Stage=AOS%3A%20cart&SESSIONVAR!Site-Section=product%20selection&cobrowse=true&cookie=__utma%3D125090010.3292315921621627000.1242441223.1242441223.1242441223.1%3B%20__utmz%3D125090010.1242441223.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%28direct%29%7Cutmcmd%3D%28none%29%3B%20ac_survey%3D1%3B%20asbid%3Ds7XXC9HU9KC2UCYAJ%3B%20ccl%3DE3hOtesyEa51yj+hqx2OYw%3D%3D%3B%20DefaultAppleID%3Dgearing@mac.com%3B%20dssid2%3D58c7ae02-8243-467f-b380-9ed472b03cfe%3B%20geo%3DAU%3B%20Pod%3D21%3B%20s_cc%3Dtrue%3B%20s_cvp35%3D%255B%255B%2527google%253A%2520organic%2527%252C%25271244497646288%2527%255D%252C%255B%2527WWW-NAUS-ITMS-TRAILERS-IPODTOUCH%2527%252C%25271244862446206%2527%255D%252C%255B%2527google%253A%2520organic%2527%252C%25271246251587180%2527%255D%252C%255B%2527MobileMe-NEWF%2527%252C%25271246604133444%2527%255D%252C%255B%2527google%253A%2520organic%2527%252C%25271256792192135%2527%255D%255D%3B%20s_ppv%3D69%3B%20s_ria%3DFlash%252010%257C%3B%20s_sq%3Dappleauhome%253D%252526pid%25253Dapple%25252520-%25252520index%25252520%25252528au%25252529%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.apple.com/au/store/_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B%20s_v35%3Dgoogle%253A%2520organic%3B%20s_vi%3D%5BCS%5Dv1%7C475D173000001948-A2B0B9000000979%5BCE%5D%3B%20s_vnum_au%3Dch%253Dhomepage%2526vn%253D4%253Bch%253Dmac%2526vn%253D2%253Bch%253Dmacbookpro%2526vn%253D2%253Bch%253Dmacbook%2526vn%253D2%253Bch%253Dsearch%2526vn%253D1%253Bch%253Ditunes%2526vn%253D3%253Bch%253Dipodnano%2526vn%253D1%253Bch%253Dip%2526vn%253D2%253Bch%253Dmacosxserver%2526vn%253D1%253B%3B%20s_vnum_kb%3Dch%253Dsupport%2526vn%253D1%253B
&title=Cart%20-%20Apple%20Store%2&referrer= HTTP/1.1" 404 1261

ERROR LOG
[Wed Nov 04 15:02:48 2009] [error] [client 124.191.112.55] File does not exist: C:/xampp/htdocs/Joomla15/40715998, referer: http://store.apple.com/au/cart
[Wed Nov 04 15:02:50 2009] [error] [client 121.208.91.229] File does not exist: C:/xampp/htdocs/Joomla15/40715998, referer: http://store.apple.com/au/cart?cid=AOSA10000026879


Any help is appreciated.

Thanks
John
johnthardman
 
Posts: 1
Joined: 04. November 2009 05:32
Location: Sydney, Australia

Re: Apache access & error logs showing unlawful use - need help

Post by Izzy » 04. November 2009 06:19

Your server has taken care of this for you and has not served the pages
and has returned a 404 not found error message to the clown's browser.

This you will not be able to prevent as it is a fact of life when running a
web server from home.

If you have a firewall then you can block those IPs from making any more
attempts - keep an eye on your log files and build up a block regime for
these clowns, usually country orientated.

Go here to find who these clowns are and if they are undesirables then block
the whole network range in your firewall.
http://70.84.211.98/co/DomainDossier.vbs.asp

Those 2 IPs belong to??? - use the above link to find out all about them.

You can also use a .htaccess file in your server's root folder to block these
clowns by adding the line:
deny from IP
for example:
deny from 121.208.91.229

The above link will also give the IP range.

Remember that most of these clowns use a dynamic IP so they may not use
the same IP the next time they visit.

You could also see if the Joomla community knows anything about this issue.

Good luck.

BTW try and break up those long entries as most people hate horizontal
scrolling on a forum.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06
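
An added example, not part of either post: one way to act on the advice to keep an eye on the log files, by parsing access-log entries of the shape posted above, counting 404s per client IP and per host named in the `page` parameter, and emitting `deny from` lines. The sample lines are constructed (shortened from the posted entries; 192.0.2.10 is a documentation address), and the function names and the threshold are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Common Log Format: host ident user [time] "method target protocol" status bytes
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                 r'"\S+ (?P<target>\S+) [^"]+" (?P<status>\d{3}) \S+')

# Constructed sample, shortened from the shape of the entries in the post.
SAMPLE_LOG = """\
121.208.91.229 - - [04/Nov/2009:15:02:50 +1100] "GET /40715998/?site=40715998&cmd=inPage&page=http%3A//store.apple.com/au/cart%3Fcid%3DAOSA10000026879&cobrowse=true HTTP/1.1" 404 1305
124.191.112.55 - - [04/Nov/2009:15:02:53 +1100] "GET /40715998/?site=40715998&cmd=inPage&page=http%3A//store.apple.com/au/cart&cobrowse=true HTTP/1.1" 404 1261
124.191.112.55 - - [04/Nov/2009:15:02:57 +1100] "GET /40715998/?site=40715998&cmd=inPage&page=http%3A//store.apple.com/au/cart&cobrowse=true HTTP/1.1" 404 1261
192.0.2.10 - - [04/Nov/2009:15:03:01 +1100] "GET /index.php HTTP/1.1" 200 5120
this line is malformed and is skipped
"""

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = CLF.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs percent-decodes values; 'page' carries a URL in these requests
    rec["page"] = parse_qs(parts.query).get("page", [None])[0]
    return rec

def summarize(log_text, status=404):
    """Count matching requests per client IP and per host named in 'page'."""
    by_ip, by_host = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != status:
            continue
        by_ip[rec["ip"]] += 1
        if rec["page"]:
            by_host[urlsplit(rec["page"]).hostname] += 1
    return by_ip, by_host

def deny_lines(by_ip, threshold=2):
    """'deny from' lines (syntax from the reply) for IPs at/above threshold."""
    return [f"deny from {ip}" for ip, n in sorted(by_ip.items()) if n >= threshold]

if __name__ == "__main__":
    ips, hosts = summarize(SAMPLE_LOG)
    print(dict(ips), dict(hosts), deny_lines(ips), sep="\n")
```

`deny from` is the Apache 2.2-era access-control syntax used in the reply; Apache 2.4 expresses the same rule with `Require not ip` inside a `<RequireAll>` block.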

