View Full Version : site being hacked into?
vegaswedding
10-21-03, 11:32 PM
I hope someone can help me on this.
What does the following mean? It is from my access log.
198.81.26.177 - - [21/Oct/2003:19:23:41 -0700] "GET / HTTP/1.0" 200 17926 "-" "Mozilla/4.0 (compatible; MSIE 5.5; AOL 6.0; Windows 98)"
Is this person hacking in? I have blocked their I.P. but this appears now.
Please help. Is there a way to stop this?
It's a spider crawling your site.
Doesn't look like a spider to me. Looks more like an AOL user who has referenced the site with simply the domain name.
Why do you think this is a problem?
vegaswedding
10-22-03, 01:03 PM
That is what puzzles me. I am blocking the I.P. but they still get in.
Take a look at this..
67.24.80.172 - - [21/Oct/2003:00:32:55 -0700] "GET / HTTP/1.1" 200 17926 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; MSN 8.0; MSN 8.5; MSNbMSNI; MSNmen-us; MSNcIA)"
The code 17926 appears after 200; this is the same code my I.P. comes up with when I log into my site. The above I.P. is also blocked.
What are they using to get into my site? It appears they are going in the back door and maybe downloading files? I have I.P.s blocked but those same I.P.s show up on the error log at the very same time they show up on the access log. So what is it?
Is this something new?
I hope someone has seen this or at least has some ideas.
Thanks.
vegaswedding
10-22-03, 01:22 PM
Has anyone ever seen this?
Does it work?
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR]
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^Ping [OR]
RewriteCond %{HTTP_USER_AGENT} ^Link [OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]
RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^psbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector
RewriteRule ^.* - [F]
Yes, I've seen that and it does work, but there are ways to get around it :D
RocketJeff
10-22-03, 04:36 PM
Originally posted by vegaswedding
I hope someone has seen this or at least has some ideas.
What are you panicking about? This is a normal user accessing your site (as was the first log entry you posted).
If you're going to read your log, you probably should learn what it means...
67.24.80.172 - - [21/Oct/2003:00:32:55 -0700] "GET / HTTP/1.1" 200 17926 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; MSN 8.0; MSN 8.5; MSNbMSNI; MSNmen-us; MSNcIA)"
Shows that a user using a Level3.net dial-up from Las Vegas loaded your home page successfully (return code 200) and your home page is 17926 bytes. They used Internet Explorer 6.0 to do it (probably via MSN, which (IIRC) uses Level3 for some of its dial-up connections).
Since your username is 'vegaswedding' I assume you'd want people from Las Vegas accessing your site...
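Added example, not part of the original thread: a small Python parser for the combined log format walked through in the post above, used to check whether addresses on a block list are actually being refused (status 403) or are still being served the page. The block list and the third log line (203.0.113.9) are constructed for illustration.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def parse_line(line):
    """Split one combined-format line into named fields, or None if malformed."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # "-" in the bytes column means no response body was sent
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

def audit_blocklist(lines, blocked_ips):
    """Count, per supposedly blocked IP, responses served vs. refused (403)."""
    tally = {ip: {"served": 0, "denied": 0} for ip in blocked_ips}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["host"] not in tally:
            continue
        if rec["status"] == 403:
            tally[rec["host"]]["denied"] += 1
        elif rec["status"] < 400:
            tally[rec["host"]]["served"] += 1
    return tally

# The first two lines are the entries quoted in the thread. The third is
# constructed (documentation address) to show what a working block looks like.
SAMPLE = [
    '198.81.26.177 - - [21/Oct/2003:19:23:41 -0700] "GET / HTTP/1.0" 200 17926 "-" "Mozilla/4.0 (compatible; MSIE 5.5; AOL 6.0; Windows 98)"',
    '67.24.80.172 - - [21/Oct/2003:00:32:55 -0700] "GET / HTTP/1.1" 200 17926 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; MSN 8.0; MSN 8.5; MSNbMSNI; MSNmen-us; MSNcIA)"',
    '203.0.113.9 - - [21/Oct/2003:19:30:02 -0700] "GET / HTTP/1.0" 403 287 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"',
]
BLOCKED = ["198.81.26.177", "67.24.80.172", "203.0.113.9"]  # assumed block list

if __name__ == "__main__":
    for ip, counts in audit_blocklist(SAMPLE, BLOCKED).items():
        state = "NOT effective" if counts["served"] else "effective"
        print(f"{ip}: served={counts['served']} denied={counts['denied']} -> block {state}")
```

A 200 with the full 17926-byte body for an address on the block list means the deny rule is not being applied to that request; a working block shows up as a 403 instead.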
RocketJeff
10-22-03, 04:40 PM
Also, as stevel said, the first log entry you posted was an AOL user loading your home page.
I have no idea where Naveen got the idea that it was a spider...
Why are you blocking IP addresses without knowing what's happening?
The 17926 is the size of the request in bytes.
What's the problem again?