Looking at the Apache logs, all the "new surfers" are showing up without a
Referer or User-Agent .. the later is unusual because while it can be
spoofed, it's rarely done.
My guess is that some virus (or program) is propogating out there in
the "wild" and query'ing my web site for some piece of information
as part of the program itself. So what the heck is this, who/where
did it come from, what is the intent, and why is it using my hack script?
I may never know the answers to the above, but what should I do about it?
If it was hot-linking images, I could have some fun with mod_rewrite
and return something else - from past experience, this is usually
"successful" (!) in stopping the traffic - folks more neferious than I will suggest Goatse.
But I don't think the people at the querying hosts
are even aware this is being done and I doubt they see directly whatever
the data is being used for.
I allready tweaked the
script so that if there is no User-Agent, it returns data for
IP address 10.10.10.10
(which is a private
address per RFC1918) so that info isn't too interesting.
Other options in the script itself would be doing
a 301/302 redirect - heck, maybe I'll send 'em all to Microsoft.Com although the 127.0.0.1 loopback would be more appropriate.
Or I could return a 403 Forbidden to those web browsers
that don't send a User-Agent. More drastically, I could
rename the script so a 404 Not Found is returned,
although that breaks things for legit surfers.
But in all of these cases, these traffic requests would continue to come
into my dinky 3.2 GHz Pentium Linux box. While it can handle the current rate (Apache2 and mod_perl ROCKS), I'm concerned if it continue to increase. Is there any way of getting this turned off and/or other suggestions from K5'ers?