Log File

[jmoschetti45]

Four abnormalities I found in my log file: 1.) A whole 2 pages of a mix of random readable and unreadable characters. 2.) About 2/3 of a page of 'blocks' (letters that can't be displayed). 3.) An entire 4 pages of markup. 4.) Sites that arn't mine, just randoms ones that I go to in IE. Does anybody know how or what is causing this?

[Anonymoose]

Are you using an ad blocker ? A lot of them work by redirecting adverts to 127.0.0.1 (your machine) under the assumption there is nothing there, so the advert should time out and fail to load. If you're running a server you will see these appear in your log file as they attempt to load from your site instead of failing. The Abyss log should be showing 404's. As for the unreadable characters, I'm not sure - unless someone with a badly configured browser has viewed the site and sent all their requests in a foreign character set / unicode. Could you post a chunk of it ?

[TRUSTAbyss]

I believe that in some early versions that
HTML from web pages would appear in
your log file , I haven't noticed any more.

You may have some traces of a worm
trying to hack into your system , post
a sample of the log file here.

[iNaNimAtE]

I can almost guarantee you that some of the log entries are IIS exploits taking place. You have nothing to worry about though, because you are using Abyss.
_________________
Bienvenidos!

[jmoschetti45]

Heres some sample lines:

127.0.0.1 - - [28/Mar/2003:03:36:52 +0100] "GET /ad/N763.starcom.yahoo/B1086033.112;sz=1x1;ord=1048819009379391? HTTP/1.0" 404 427 "http://us.f208.mail.yahoo.com/ym/ShowFolder?rb=Inbox&reset=1&YY=87875" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90; YComp 5.0.2.4)"
127.0.0.1 - - [28/Mar/2003:03:37:01 +0100] "GET /ad/N763.starcom.yahoo/B1086033.112;sz=1x1;ord=1048819019247256? HTTP/1.0" 404 427 "http://us.f208.mail.yahoo.com/ym/ShowLetter?MsgId=7128_1983593_874_1184_599_0_4840_1139_2582576731&YY=39625&inc=200&order=down&sort=date&pos=0&view=a&head=f&box=Inbox" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90; YComp 5.0.2.4)"
127.0.0.1 - - [28/Mar/2003:03:41:11 +0100] "GET /ad/N3289.Yahoo/B1116250.5;sz=300x250;ord=1048819267173343? HTTP/1.0" 404 427 "http://us.f208.mail.yahoo.com/ym/ShowFolder?ET=1&.crumb=KDJDOpOd0sJ&reset=1&YY=52297&inc=200&order=down&sort=date&pos=0&view=a&head=f&box=%40B%40Bulk" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90; YComp 5.0.2.4)"
127.0.0.1 - - [28/Mar/2003:03:49:32 +0100] "GET /site=138745/size=425600/bnum=1048819766/bins=1/rich=0 HTTP/1.0" 404 427 "http://us.f208.mail.yahoo.com/ym/ShowFolder?rb=Inbox&reset=1&YY=17298&inc=200&order=down&sort=date&pos=0&view=a&head=f&box=Inbox&YN=1" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90; YComp 5.0.2.4)"


And this:

¼È>ÿKèo`Z�,È‚Æ.ŒÃ^¢zšž`1Á�|s3œ½zè¾
^‘®X­è[Wž¢pœîX%|‰£EpuëÅ!Tb‘b
2È%\?º­FÛž,f².!ˆX'6ž.¡Ê'+

And this also:
<html>
<head>
<title>Some Title</title>
.........


Well I can't post the 'blocks' in here for some reason.

[iNaNimAtE]

In reference to:
"127.0.0.1 - - [28/Mar/2003:03:36:52 +0100] "GET /ad/N763.starcom.yahoo/B1086033.112;sz=1x1;ord=1048819009379391? HTTP/1.0" 404 427 "http://us.f208.mail.yahoo.com/ym/ShowFolder?rb=Inbox&reset=1&YY=87875" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90; YComp 5.0.2.4)" "

First of all, the guy is using Windows 98, so you really have nothing to worry about. Second, I'm just guessing, but it looks like he came from viewing a mail message, to guessing a url on your webserver. Notice the "404" meaning he didn't get very far.
_________________
Bienvenidos!

[jmoschetti45]

Well 127.0.0.1 = localhost = me. I'm still wondering how all my normal surfing gets in my Abyss log.

[TRUSTAbyss]

What version of Abyss Web Server are you using ?

[jmoschetti45]

Im using 1.2.2.2.

[aprelium]

jmoschetti45,

If you're running Windows 98 with IE 5.5, these log lines seems to be generated by an ad blocker which redirects ad requests to localhost. Usually people won't notice something, but if you have a web server on the computer, it will answer the requests.
_________________
Support Team
Aprelium - http://www.aprelium.com

[sat]

[jmoschetti45]

Yes, deleting it fixes the problem. But it will just happen again.

Well I tried IE 6, Mozilla, Opera, Netscape, Firefox, and Avant. Its clearly not related to the browser. Plus I have the ad requests show up as 127.0.0.1.
_________________
http://jmoschetti45.com

[iNaNimAtE]

The internet can be strange. Have you tried turning "Extended Logging Format" to "OFF?"
_________________
Bienvenidos!

[jmoschetti45]

No, but I will as soon as I get my server back up. Currently the hard drive has filled up because of another unknown problem. Got 0 bytes free and nothing runs (That problem is in another thread).
_________________
http://jmoschetti45.com

[aprelium]

jmoschetti45,

Do you have an ad blocker?
_________________
Support Team
Aprelium - http://www.aprelium.com

[jmoschetti45]

No. The only form of ad 'blocking' I use is adding the ad servers to my hosts file. But that redirects them to 127.0.0.2 and I see the 127.0.0.2 in the log.
_________________
http://jmoschetti45.com

[iNaNimAtE]

Is there a way just to turn the log off? Maybe remove the "Log File" directory entry...
_________________
Bienvenidos!

[jmoschetti45]

Not really I think. Im sure I could modify Abyss to stop it but I want the log. If something goes wrong (eg: hacker) I need to be able to get IP. Plus its nice to keep track of visitors. It's not a major problem with all of the extra trash in it. Its just annoying.
_________________
http://jmoschetti45.com