Curious Raw Logs information -- need help deciphering.

Suzanne

She has: 5,507 posts

Joined: Feb 2000

Someone hit my site about 250,000 times one day. Some of the hits were legitimate, but the rest were these:

195.92.244.174 - - [03/Feb/2002:20:08:42 -0500] "GET /404.html HTTP/1.0" 200 10071 "http://zerocattle.com/customers/images/images/http" "Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98;+DigExt)"

195.92.244.174 - - [03/Feb/2002:20:08:42 -0500] "GET /404.html HTTP/1.0" 200 10071 "http://zerocattle.com/customers/images/images/images/zc_motto_dk.gif" "Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98)"

Now, I get the occasional call for various URLs with /images/images/images/ in it and I would like to know if this is some way to crack the server or what?

Please help me figure this out!

Edit: the whole raw log file for that day is here: zerocattle.com/examples/logs.zip

Edit2: I'm going to block the IP as they hit me on the 6th as well. I can't find out who this is -- ideas? Also, I'm using .htaccess to block, is there a better method?
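As an added example (not code from the thread), here is a small Python parser for the combined-format lines above that flags hits on the custom 404 page whose referer repeats a path segment back-to-back, and tallies them per client IP. The first two sample lines are the ones quoted in the post; the third is a constructed ordinary hit that should not be flagged; the error-page path /404.html is taken from the log.

```python
import re
from collections import defaultdict

# Apache combined log: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    rec["path"] = parts[1] if len(parts) > 1 else parts[0]
    return rec

def repeated_segment_depth(url):
    """Longest run of one path segment repeated back-to-back (/images/images/images/ -> 3)."""
    path = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://[^/]*", "", url)  # drop scheme and host
    segs = [s for s in path.split("/") if s]
    best = run = 1 if segs else 0
    for prev, cur in zip(segs, segs[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best

def find_404_loops(lines, error_page="/404.html", min_depth=2):
    """Per client IP: count hits on the 404 page whose referer shows a repeated segment."""
    report = defaultdict(lambda: {"hits": 0, "max_depth": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != error_page:
            continue
        depth = repeated_segment_depth(rec["referer"])
        if depth >= min_depth:
            report[rec["ip"]]["hits"] += 1
            report[rec["ip"]]["max_depth"] = max(report[rec["ip"]]["max_depth"], depth)
    return dict(report)

# Sample input: lines 1-2 are quoted from the thread, line 3 is constructed and benign.
SAMPLE_LOG = [
    '195.92.244.174 - - [03/Feb/2002:20:08:42 -0500] "GET /404.html HTTP/1.0" 200 10071 "http://zerocattle.com/customers/images/images/http" "Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98;+DigExt)"',
    '195.92.244.174 - - [03/Feb/2002:20:08:42 -0500] "GET /404.html HTTP/1.0" 200 10071 "http://zerocattle.com/customers/images/images/images/zc_motto_dk.gif" "Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98)"',
    '10.0.0.5 - - [03/Feb/2002:20:09:01 -0500] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (constructed)"',
]
```

Running `find_404_loops(SAMPLE_LOG)` on the real 60M file would give a per-IP count to compare against the whois result below.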

Suzanne

They have: 117 posts

Joined: Feb 2002

I did a whois on the IP hitting you and here is the info:

% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      195.92.244.0 - 195.92.247.255
netname:      POL-GRL-SSL1
descr:        Planet Online, Gott's Road site, SSL Server addresses.
descr:        In case of problems, please contact +44 113 2346068
descr:        Please do not send abuse reports to tech or admin contacts
descr:        Abuse reports to [email protected] please!
country:      GB
admin-c:      PJ3130-RIPE
tech-c:       PJ3130-RIPE
rev-srv:      earth.theplanet.net
rev-srv:      venus.theplanet.net
rev-srv:      pluto.theplanet.net
status:       ASSIGNED PA
notify:       [email protected]
mnt-by:       AS5388-MNT
changed:      [email protected] 20001123
source:       RIPE

route:        195.92.0.0/16
descr:        Planet Online Limited
descr:        The White House
descr:        Melbourne St.
descr:        Leeds LS2 7PS United Kingdom
origin:       AS5388
mnt-by:       AS5388-MNT
changed:      [email protected] 19960612
source:       RIPE

person:       Pedro Jones
address:      Energis Squared
address:      Melbourne St
address:      Leeds, LS2 7PS
phone:        +44 113 207 6000
fax-no:       +44 113 2345656
e-mail:       [email protected]
nic-hdl:      PJ3130-RIPE
mnt-by:       AS5388-MNT
changed:      [email protected] 20010920
source:       RIPE

Suzanne

She has: 5,507 posts

Joined: Feb 2000

Thanks, I have already filed a complaint with them. It's a large company that provides IPs to ISPs, so they needed a whack of information (that I was happy to provide).

Any ideas on why the calls to /images/images/images? Know of a hack that would do this?

Bloody idiot ran up my bandwidth, but I'm still under my limit, so far.

Fricking 60M log file. *rolling eyes*

Suzanne

They have: 117 posts

Joined: Feb 2002

LOL, life is grand, ain't it?

I'm not sure about this. It could be a denial of service attack. I searched for images/images and the only security-type response was in Chinese (or something), so I don't know what it was about. They seemed to be having the same thing happen to them though -- a lot of hits for something with images/images in its path. Doesn't sound like an exploit because of the volume of requests.

Suzanne

She has: 5,507 posts

Joined: Feb 2000

It's not the first time I've gotten that odd request, but it is the first time that I've gotten it 125000 times in three days. Usually it's one or two, which is why I was wondering if it did something.

It didn't really affect my site (amusingly), but it sure did make it slow (dealing with a 60M log file, I'd assume). lol!

S

They have: 117 posts

Joined: Feb 2002

This is what I found on it regarding a possible DoS type attack....

http://www.geocrawler.com/archives/3/192/2000/11/0/4730665/

Suzanne

She has: 5,507 posts

Joined: Feb 2000

Well poop on a stick, that's exactly the crap I'm getting -- how did you find that!? Thank you!

Yet another reason to love Netscape, I guess... :/

So basically, nail down the custom 404 document with all absolute URLs for all links, images, et cetera and all will be well. I hope.

Very interesting, thank you!!

Suzanne
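As an added illustration (not code from the thread), this Python snippet does two things: it lists every src/href in a custom 404 page that is not fully qualified, and it shows how a relative image path resolves one directory deeper each time the 404 page is rendered at a missing URL, which is exactly how the /images/images/images/ referers in the log come about. The sample HTML and the starting missing URL are constructed; the image name is the one from the log.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LinkCollector(HTMLParser):
    """Collect every src and href value from a page, in document order."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.urls.append(value)

def non_absolute_urls(html):
    """References lacking scheme and host. Root-relative paths (/x.gif) are flagged too,
    since the thread's fix is fully qualified URLs in the 404 document."""
    collector = LinkCollector()
    collector.feed(html)
    return [u for u in collector.urls if not (urlsplit(u).scheme and urlsplit(u).netloc)]

def resolve_chain(missing_url, relative_ref, rounds=3):
    """Where a relative reference lands when the 404 page is served at each successive
    missing URL: the browser resolves it against the missing URL, one level deeper per round."""
    chain = [missing_url]
    for _ in range(rounds):
        chain.append(urljoin(chain[-1], relative_ref))
    return chain

# Constructed sample pages: the first uses relative references, the second the fix.
BAD_404 = ('<html><body><img src="images/zc_motto_dk.gif">'
           '<a href="index.html">Home</a></body></html>')
GOOD_404 = ('<html><body><img src="http://zerocattle.com/images/zc_motto_dk.gif">'
            '<a href="http://zerocattle.com/">Home</a></body></html>')

# Constructed starting point: a request for a page that does not exist.
FIRST_MISSING = "http://zerocattle.com/customers/missing.html"
```

`resolve_chain(FIRST_MISSING, "images/zc_motto_dk.gif")` ends at /customers/images/images/images/zc_motto_dk.gif after three rounds, matching the referer in the second log line.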

taff

They have: 956 posts

Joined: Jun 2001

Interesting! Having a custom 404 myself, I figured that I'm a sitting duck also. I was surprised to see that I have already coded it with absolute URLs which I rarely, if ever, do.

It has been quite a while since I coded the page. My only guess is that this isn't a new vulnerability and I was advised by my host to code it this way.

Of course, all memory of this was promptly purged in order to make more room for song lyrics and Simpsons trivia.

.....

Suzanne

She has: 5,507 posts

Joined: Feb 2000

lol, amazing what you will throw out to make room for fun, isn't it!

S
