HiHi!
1. The requests are not available at log because I have blocked the .ru
domains at firewall level. Let me disable the firewall to generate the logs
for you
109.188.125.110 - - [17/Apr/2014:07:27:03 +0200] "GET /Uizz9n HTTP/1.1" 301 - "http://www.tv-house.ru/detail/200/5347" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
109.188.125.110 - - [17/Apr/2014:07:27:04 +0200] "GET /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "http://www.tv-house.ru/detail/200/5347" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
109.191.88.164 - - [17/Apr/2014:07:27:13 +0200] "GET /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "-" "libtorrent/0.16.10.0"
109.188.125.110 - - [17/Apr/2014:07:27:16 +0200] "GET /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "http://www.tv-house.ru/catalog/29/200/31/" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
I am *NOT* a DNS guru. I actually learned a bunch many years ago and even
operated BIND for a while but gave up trying to -really- learn it, and
keep up with progress. I'm happy enough if I can keep my own /etc/hosts
and hosted DNS lined up records straight. LOL!!
I do know how to look at a few things though.
Those two IP addresses 109.188.125.110 and 109.191.88.164 appear to be in
a similar '109' range, but not close enough.
Whois for the first one says...
% Information related to '109.188.124.0 - 109.188.127.255' ...
% Abuse contact for '109.188.124.0 - 109.188.127.255' is
'aguz...@yotateam.com'
... and the second one ...
% Information related to '109.191.0.0 - 109.191.127.255'
% Abuse contact for '109.191.0.0 - 109.191.127.255' is 'ab...@is74.ru'
...and all other information about those #s after that is different
content and structure, implying completely different owners and even
different DNS hosts. I -think- That -implies- that there's no -connection-
between the -sources- of the requests, that they're coming from completely
different ISPs. Yet, there the requests are.
BTW when I http:// those domains I get 'tv' related pages but appear to be
completely different.
With that I'm bowing out because it's way over my head. I have no doubt
that someone with enough dig skills could pin down the exact source of the
problem fairly straightforwardly, but it definitely ain't me.
You -could- ask your uplink to look into it. It depends on how supportive
they are, and how interested the particular tech person you talk with is
in the problem. The reason I say it that way is that it
-doesn't- seem to be your -uplink's- misconfiguration, so 'not their
problem.' But because it's causing unnecessary traffic on -their- lines
they -might- be interested. Whether you can convince them to be interested
depends on who you talk with and how you convey the problem. Some ISPs are
-very- concerned about user (you) inconvenience, others don't give a rat's
ass.
Have a :) day!
Jim
--
Jim Barchuk
j...@jbarchuk.com
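
Added example, not part of the original message: a small Python triage script that parses the combined-format log entries quoted above, groups them by client IP, and checks each IP against the two whois ranges quoted in the reply. The function names are made up for this illustration, and the ranges are hard-coded from the message rather than looked up live.

```python
import ipaddress
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Whois ranges exactly as quoted in the message above (not a live lookup).
ALLOCATIONS = [("109.188.124.0", "109.188.127.255"), ("109.191.0.0", "109.191.127.255")]

# The four log entries from the message, re-joined to one line each.
SAMPLE_LOG = """\
109.188.125.110 - - [17/Apr/2014:07:27:03 +0200] "GET /Uizz9n HTTP/1.1" 301 - "http://www.tv-house.ru/detail/200/5347" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
109.188.125.110 - - [17/Apr/2014:07:27:04 +0200] "GET /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "http://www.tv-house.ru/detail/200/5347" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
109.191.88.164 - - [17/Apr/2014:07:27:13 +0200] "GET /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "-" "libtorrent/0.16.10.0"
109.188.125.110 - - [17/Apr/2014:07:27:16 +0200] "GET /index.php?id=16&no_cache=1 HTTP/1.1" 200 9009 "http://www.tv-house.ru/catalog/29/200/31/" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; ASU2JS; rv:11.0) like Gecko"
"""

def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def allocation_for(ip):
    """Return the (start, end) whois range containing ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for start, end in ALLOCATIONS:
        if ipaddress.ip_address(start) <= addr <= ipaddress.ip_address(end):
            return (start, end)
    return None

def summarize(log_text):
    """Group requests by client IP: allocation, request count, referers, agents."""
    out = defaultdict(lambda: {"allocation": None, "count": 0, "referers": set(), "agents": set()})
    for e in parse(log_text):
        s = out[e["ip"]]
        s["allocation"] = allocation_for(e["ip"])
        s["count"] += 1
        s["referers"].add(e["referer"])
        s["agents"].add(e["agent"])
    return dict(out)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On a full access log the same grouping shows how many distinct allocations and referers the unwanted requests come from.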