WordPress › Support » Could anyone help me with what this is (its showing up in my 404 logs)

Kaiberie
Member
Posted 7 years ago #

/oveChild(addComment)%3B
/very
/hemes%2C
/d.%26nbsp%3B
/compare
/archives/56/rebel-without-a-clue/&prev=/search%3Fq%3Dmisc%2Btrackback%2Buri%26start%3D130%26hl%3Dit%26lr%3D%26sa%3DN
/oveChild(addComment)%3B
/archives/56/rebel-without-a-clue/&prev=/search%3Fq%3Dfamily%2Btrackback%2Buri%26start%3D410%26hl%3Des%26lr%3D%26sa%3DN
/archives/56/rebel-without-a-clue/&prev=/search%3Fq%3Dfamily%2Btrackback%2Buri%26start%3D450%26hl%3Dde%26lr%3D%26sa%3DN
The base site install (http://kaiberie.com) is wordpress 2.(something - I can't remember if I upgraded it or not).

Should I be concerned? Or is this just search engines (like Slurp) paying silly ****s?

Thanks in advance for your time.

Kai
Direkt
Member
Posted 7 years ago #

Okay, first off, what the heck am I looking at?
niziol
Member
Posted 7 years ago #

If you'd like anyone to give your question more than the confused look I'm giving it, I suggest you post the FULL error log info, ie: referrers, IP's, host's etc. How the hell is anyone supposed to know who its from or whats it doing from what you posted?

Please put it into a text file or something and post a link, don't post the log directly in the forum.
Kaiberie
Member
Posted 7 years ago #

Ok..I'll rephrase my question. WHY would there be partially formed URL's showing up, with trackback and search strings from wordpress in my error logs?

I am asking because I'm concerned someone's trying to do something with my wordpress blog. I don't know why its converting some of the slashes to partial code either, which is the other reason I'm questioning this.

And I can't, currently, produce a plain text logfile for you, I'm sorry - its from AWstats and I don't have anything that converts it to text.
If your answer is 'what the hell is this' please don't reply. I'd like helpful answers, please.

Thanks for your time
Kai
whooami
Member
Posted 7 years ago #

its spam, and i'll bet $10.00 that the ip (check your awstats) is 72.232.43.178

you can block it in your htaccess, or ignore it. There have already been atleast 2 emails sent off from different blog owners to the netblock owner complaining -- so far they have done nothing.
spencerp
Member
Posted 7 years ago #

EDITED* Ok, whooami beat me to it. =) Thanks for that whooami.. =)

It almost looks like a "bot" or search bot is trying to "index" your trackbacks, but maybe something isn't quite right with that..

Almost like, someone is finding your trackbacks via a search perhaps, and either "they" the people are coming in on a bad search engine "copy" of that trackback link...or something. Maybe it's also the "sessions" of a link being twisted or modified on their entry of that trackback.

I wouldn't really worry about that too much persay. In my BaStats logs, I have incoming hits from like:
mydomain.com/pictures/
mydomain.com/images/

And most likely it's Search Engine bots doing their job, because I had recently moved my blog from:

domain.com/blog
to
domain.com

I didn't have these errors before I moved it. Also, I removed my whole original main site, so I could move my blog to the root. So, unless a moderator or someone more smart then I can help, that's all I can maybe suggest. =)

spencerp
Les Bessant
Moderator and keeper of the Tiggers
Posted 7 years ago #

>> I'd like helpful answers, not assholes trying to drive a newbie away.

Good way of encouraging people to help you.

AWStats generates its output from the actual log files. If you didn't configure it yourself, ask your host for the location of the files.

But in general, I don't take much notice of random 404s. Some will be search engine spiders looking for common folders, some might be wannabe hackers looking for exploits, some might be random weirdness.
spencerp
Member
Posted 7 years ago #

Kaiberie,

"I'd like helpful answers, not assholes trying to drive a newbie away."

I know you weren't referring to me persay, but yes, you just got three "assholes" that replied including myself, I'm sure the other two ARE proud of that title, as well as I. =)

But, all in all, hopefully the replies themselves will help you understand the situation. =)

spencerp

Actually, whooami...which can be and sound more "rude" then anyone persay, posted a reply in a nice manner.. =) As well as myself..and I'm sure the other person did to.. =) It might sound rude, but it's not really intended that way. =)
niziol
Member
Posted 7 years ago #

I suppose I am one of those "assholes" being referenced, though I would prefer something like "condescending bastard", but I suppose it isn't Christmas everyday.

Now that you've clarified the question a bit, I can tell you that it is most likely what the others have said. I know for a fact that Yahoo will intentionally try to access nonexistent pages to test the 404 responses it's getting. I'm guessing if they do this, then most likely so do the other search engines. I don't know the intricacies of it all, but you could assume they do it this way because there is no better way to do whatever they are doing, so certainly if the 'big guys' do it, the smaller ones would as well.

If it is just someone with too much time on their hands looking for things to hack, as long as your server is secure, I wouldn’t get too worried – though they are wasting bandwidth if that’s what there doing, but I digress.

If you notice access attempts on actual files in your installation, then perhaps that could be something to double check on. As long as your host takes the prudent measures for security and you keep WordPress up-to-date, I wouldn't lose any sleep over it.

Cheers,
Michael.
spencerp
Member
Posted 7 years ago #

"I suppose I am one of those "assholes" being referenced, though I would prefer something like "condescending bastard", but I suppose it isn't Christmas everyday."

Hahaha,...hell yeah! But like Micheal and most of us said, it's probably just some S.E. bullshit going on. :/ And I wouldn't put it past the spammers trying to mess with your stuff either like whooami said. =)

If something was going to happen or was bound to happen since you last replied or posted to this thread, and yet nothing happened..there isn't too much to worry about. =)

spencerp

P.S. I had my main site hacked before by Turkish hackers and it's actually screen shot and shown on a website where it lists sites of being hacked. It was mostly because of the content.

"Hackers" are whatever don't usually target ppls unless they actually think ALOT of viewers will notice it on sites to a "specific" content. Mine was about Gov't conspiracies, New World Order, Alien shit, and other things that fell under this catagory.. and they must have figured my site was going to get lots of hits.

But, after that hacking...I didn't make a site on that shit since..and <knock on wood> haven't been hack since and that was back in the 90's sometime. :/
Kaiberie
Member
Posted 7 years ago #

I apologise for the 'assholes' comment (hence why I editted it straight away) - it was ill advised. Its a long day, I'm sore, can I apologise, than everyone and move on?

And neh, you're not - got some pretty rude comments posted on my own site - I just thought I'd check policy on how things are handled over here - I was wrong,(offended - though not as much by you guys as some....strange people that came to my blog) tierd and dumb.

As an FYI though, my poetry site was hacked. Makes me sensitive to anything looking redirecty. And it was a completley straight html site.

Thank you, all for your answers.
Would anyone mind telling me how to grab the logfiles from AWstats in text? Or is a copy and paste job?

Kai
whooami
Member
Posted 7 years ago #

if you have cpanel access you can download all of your raw access logs.

do you have cpanel?
Kaiberie
Member
Posted 7 years ago #

Yes, I have c-panel. I'm a reseller account so I also have limited WHM - just never needed to grab logs.
I'd be grateful for any information on getting logfiles though, and once again, I'm sorry for actually being the ass.

Tierd Kai :(
Kaiberie
Member
Posted 7 years ago #

I suppose I am one of those "assholes" being referenced, though I would prefer something like "condescending bastard", but I suppose it isn't Christmas everyday.

I'm apologising once again, but....
I'm amused by this - I get the feminine version all the time.

Look, I'm sorry - the kids are sick, I'm having to work late, and I was worried my only 'non work' site that I actually care about was about to blow up, like my poetry one did. Phishing scams are not fun - I'm STILL recieving hate mail about it. So I'm sensitive and tierd.
I apologise unreservedly. Feel free to flog me with wet noodles or whatever.

Kai
spencerp
Member
Posted 7 years ago #

*EDITED*

*What whooami said, I was going to add them or that to, but didn't. =( Sorry bout that..*

spencerp

/******Ignore This****************************/
It's cool Kai, just when logged into the cpanel.. go here:
Web/FTP Stats => Error Log once. That should be right, unless someone else has other areas to check. =)

Just click on the Error Log link there, inside the Web/FTP Stats section, I believe it is.. =)

spencerp

And, on the side note: I'd rather just be called: spencer, instead of the spencerp.. thanks whooami. =)
whooami
Member
Posted 7 years ago #

inside cpanel, there ought to be an icon and text that reads, "raw access logs", clicking that will allow you to download your raw access logs.

the error logs that spencer is describing are not your COMPLETE raw logs -- they are just what they say, error logs. Those same error logs will allow you solve the question of what IP is responsible for your original post, again ive already given my guess (its been seen before).