: Help with 404 errors for .../0 requests We're seeing lots of 404 errors for requests that end in "/0" with our own pages as the referrer. Seems to be lots of different browsers & repeat
We're seeing lots of 404 errors for requests that end in "/0" with our own pages as the referrer. Seems to be lots of different browsers & repeat requests per page. Can't find the cause - it's not in the page source & using Firebug's Net panel doesn't show any such request being made. Any ideas? Maybe a screwed up display ad verification service that we're not seeing?
Here's an access log sample:
50.141.98.142 - - [09/Feb/2015:01:00:58 -0800] "GET /carcomplaints.com/Toyota/Sienna/2000/transmission/0 HTTP/1.1" 404 4141 "http://www.carcomplaints.com/Toyota/Sienna/2000/transmission/power_train
-automatic_transmission.shtml" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
50.141.98.142 - - [09/Feb/2015:01:01:35 -0800] "GET /carcomplaints.com/Toyota/Sienna/2000/transmission/0 HTTP/1.1" 404 4141 "http://www.carcomplaints.com/Toyota/Sienna/2000/transmission/power_train
-automatic_transmission.shtml" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
50.141.98.142 - - [09/Feb/2015:01:02:10 -0800] "GET /carcomplaints.com/Toyota/Sienna/2000/transmission/0 HTTP/1.1" 404 4141 "http://www.carcomplaints.com/Toyota/Sienna/2000/transmission/power_train
-automatic_transmission.shtml" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
50.141.98.142 - - [09/Feb/2015:01:02:39 -0800] "GET /carcomplaints.com/Toyota/Sienna/2000/transmission/0 HTTP/1.1" 404 4141 "http://www.carcomplaints.com/Toyota/Sienna/2000/transmission/power_train
-automatic_transmission.shtml" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
192.88.168.1 - - [09/Feb/2015:01:03:11 -0800] "GET /carcomplaints.com/Chevrolet/Blazer/2000/accessories-interior/0 HTTP/1.1" 404 4149 "http://www.carcomplaints.com/Chevrolet/Blazer/2000/accessories
-interior/fuel_gauge_is_erratic.shtml" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
192.88.168.1 - - [09/Feb/2015:01:03:39 -0800] "GET /carcomplaints.com/Chevrolet/Blazer/2000/accessories-interior/0 HTTP/1.1" 404 4149 "http://www.carcomplaints.com/Chevrolet/Blazer/2000/accessories
-interior/fuel_gauge_is_erratic.shtml" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
192.88.168.1 - - [09/Feb/2015:01:04:04 -0800] "GET /carcomplaints.com/Chevrolet/Blazer/2000/accessories-interior/0 HTTP/1.1" 404 4149 "http://www.carcomplaints.com/Chevrolet/Blazer/2000/accessories
-interior/fuel_gauge_is_erratic.shtml" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
50.141.98.142 - - [09/Feb/2015:01:04:05 -0800] "GET /carcomplaints.com/Toyota/Sienna/2000/transmission/0 HTTP/1.1" 404 4141 "http://www.carcomplaints.com/Toyota/Sienna/2000/transmission/power_train
-automatic_transmission.shtml" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
192.88.168.1 - - [09/Feb/2015:01:04:27 -0800] "GET /carcomplaints.com/Chevrolet/Blazer/2000/accessories-interior/0 HTTP/1.1" 404 4149 "http://www.carcomplaints.com/Chevrolet/Blazer/2000/accessories
-interior/fuel_gauge_is_erratic.shtml" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
192.88.168.1 - - [09/Feb/2015:01:05:24 -0800] "GET /carcomplaints.com/Chevrolet/Blazer/2000/accessories-interior/0 HTTP/1.1" 404 4149 "http://www.carcomplaints.com/Chevrolet/Blazer/2000/accessories
-interior/fuel_gauge_is_erratic.shtml" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
68.228.178.146 - - [09/Feb/2015:01:06:03 -0800] "GET /carcomplaints.com/Honda/CR-V/2014/wheels_hubs/0 HTTP/1.1" 404 4141 "http://www.carcomplaints.com/Honda/CR-V/2014/wheels_hubs/faulty_TPMS.shtml"
"Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko"
50.141.98.142 - - [09/Feb/2015:01:08:44 -0800] "GET /carcomplaints.com/Toyota/Sienna/2000/electrical/0 HTTP/1.1" 404 4138 "http://www.carcomplaints.com/Toyota/Sienna/2000/electrical/electrical_syst
em.shtml" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
75.165.117.151 - - [09/Feb/2015:01:09:21 -0800] "GET /carcomplaints.com/Pontiac/Grand_Am/2001/brakes/0 HTTP/1.1" 404 4144 "http://www.carcomplaints.com/Pontiac/Grand_Am/2001/brakes/service_brakes_h
ydraulic-foundation_components-disc-rotor.shtml" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
66.91.82.108 - - [09/Feb/2015:01:09:42 -0800] "GET /carcomplaints.com/Pontiac/Grand_Am/2001/engine/0 HTTP/1.1" 404 4144 "http://www.carcomplaints.com/Pontiac/Grand_Am/2001/engine/engine_turns_over_
will_not_start.shtml" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; rv:11.0) like Gecko"
66.91.82.108 - - [09/Feb/2015:01:10:24 -0800] "GET /carcomplaints.com/Pontiac/Grand_Am/2001/engine/0 HTTP/1.1" 404 4144 "http://www.carcomplaints.com/Pontiac/Grand_Am/2001/engine/engine_turns_over_
will_not_start.shtml" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; rv:11.0) like Gecko"
107.210.0.186 - - [09/Feb/2015:01:10:51 -0800] "GET /carcomplaints.com/Toyota/0 HTTP/1.1" 404 4071 "http://www.carcomplaints.com/Toyota/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0)
like Gecko"
More posts by @Mendez628
1 Comments
Sorted by latest first Latest Oldest Best
I checked:
50.141.98.142
192.88.168.1
68.228.178.146
...using mxtoolbox.com/blacklists.aspx
All three are on the SORBS DUHL blacklist which is primarily a spam blacklist, however, it can indicate other forms of activity as a condition of being a compromised system.
Without checking all of these, I rather suspect that these are compromised computers that are trying to collect some form of information with malformed URIs.
I would not worry about them at all.
You can use the following in your .htaccess file to block any of these:
RewriteCond %{REMOTE_ADDR} ^50.141.98.142$
RewriteRule .* - [F,L]
Just change the IP address for each. You can block a series of IP addresses:
RewriteCond %{REMOTE_ADDR} ^50.141.98.142$ [OR]
RewriteCond %{REMOTE_ADDR} ^68.228.178.146$
RewriteRule .* - [F,L]
...using the [OR] to represent several regex match options.
If you need Nginx or Cisco code, let me know.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.