Copy link to clipboard
Copied
CF9.01: I see undesired entries in http.log. The appear to be generated by some hostile code on the server. But the log does not show which file generated the log entry. Is there a way to determine this? I have text-searched for hard coded links as shown in the examples below but found none.
I am using IIS6. Examples of the unwanted
"Information","jrpp-34","08/20/14","21:43:52",,"Starting HTTP request {URL='http://www.stopforumspam.com:80/api?ip=74.86.158.106', method='GET'}"
The referenced IP is not on our system.
Another: "Information","jrpp-41","08/20/14","23:23:57",,"Starting HTTP request {URL='http://3264335898:80/n/a.txt', method='get'}"
Copy link to clipboard
Copied
Search for CFHTTP in all your code.
Copy link to clipboard
Copied
Search your log files for all the pages requested within 1 or 2 seconds of the times 08/20/14 21:43:52 and 08/20/14 23:23:57.