How can I find the script/code that is causing entries into http.log?

New Here ,
Aug 23, 2014

CF9.01: I see undesired entries in http.log. They appear to be generated by some hostile code on the server. But the log does not show which file generated the log entry. Is there a way to determine this? I have text-searched for hard-coded links as shown in the examples below but found none.

I am using IIS6. Examples of the unwanted

"Information","jrpp-34","08/20/14","21:43:52",,"Starting HTTP request {URL='http://www.stopforumspam.com:80/api?ip=74.86.158.106', method='GET'}"

The referenced IP is not on our system.

Another: "Information","jrpp-41","08/20/14","23:23:57",,"Starting HTTP request {URL='http://3264335898:80/n/a.txt', method='get'}"

Advocate ,
Aug 25, 2014

Search for CFHTTP in all your code.

BKBK
Adobe Community Professional ,
Aug 25, 2014

Search your log files for all the pages requested within 1 or 2 seconds of the times 08/20/14 21:43:52 and 08/20/14 23:23:57.

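One way to automate the time correlation suggested in the last reply, as an added example that is not part of the original thread: it pairs each outbound request in http.log with the pages IIS served within a couple of seconds of it. The IIS log lines, paths and client IPs are constructed, and the field layout (`date time cs-method cs-uri-stem c-ip sc-status`) is an assumption. IIS W3C logs are written in UTC by default while http.log uses server local time, so `iis_offset_hours` (a hypothetical parameter) shifts the IIS times to match.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# The two http.log entries quoted in the question.
CF_HTTP_LOG = '''"Information","jrpp-34","08/20/14","21:43:52",,"Starting HTTP request {URL='http://www.stopforumspam.com:80/api?ip=74.86.158.106', method='GET'}"
"Information","jrpp-41","08/20/14","23:23:57",,"Starting HTTP request {URL='http://3264335898:80/n/a.txt', method='get'}"
'''
# Constructed IIS W3C log; paths and client IPs are hypothetical.
IIS_LOG = """#Fields: date time cs-method cs-uri-stem c-ip sc-status
2014-08-20 21:43:40 GET /index.cfm 192.0.2.10 200
2014-08-20 21:43:51 POST /forum/post.cfm 192.0.2.77 200
2014-08-20 23:23:56 GET /images/cache/x.cfm 198.51.100.5 200
2014-08-20 23:30:00 GET /index.cfm 192.0.2.10 200
"""

def cf_outbound_requests(text):
    """Yield (timestamp, url) for each 'Starting HTTP request' entry."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 6 or not row[5].startswith("Starting HTTP request"):
            continue
        url = re.search(r"URL='([^']*)'", row[5])
        when = datetime.strptime(f"{row[2]} {row[3]}", "%m/%d/%y %H:%M:%S")
        yield when, url.group(1) if url else ""

def iis_requests(text):
    """Yield one dict per IIS request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split()))
            rec["when"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
            yield rec

def correlate(cf_text, iis_text, window_s=2, iis_offset_hours=0):
    """Map each outbound URL to the pages IIS served within window_s seconds of it.
    iis_offset_hours is added to IIS times to align them with the ColdFusion log."""
    window = timedelta(seconds=window_s)
    shift = timedelta(hours=iis_offset_hours)
    served = list(iis_requests(iis_text))
    return {url: [r["cs-uri-stem"] for r in served if abs(r["when"] + shift - when) <= window]
            for when, url in cf_outbound_requests(cf_text)}

if __name__ == "__main__":
    for url, pages in correlate(CF_HTTP_LOG, IIS_LOG).items():
        print(url, "<-", pages)
```

A page that turns up next to every unwanted entry is the first file to inspect for the CFHTTP call; a busy server may need a narrower window or a filter on `.cfm`/`.cfc` requests.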