Forum Topic: error logs, interpreting some 404’s

Forum: .htaccess Forum : General • Posted by RememberToForget • Updated:

I'm trying to figure out what to do with htaccess about these two in particular:

public_html/ajax.googleapis.com, referer: 
http://www.MyOwnSite.com//ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js

The above happens a lot. Is jquery not loading for some people? (I have a backup loading method so I'm not sweating over this one, but still this seems strange to me.)

public_html/images/about-gh\xe2\x80\xa6

I see something similar to this all the time. It looks like strange garbled paths like this, \xe2\x80\xa6, and sometimes they go on and on as in \xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6.

Funny, checking error logs is now the first thing I do over coffee in the morning. What is happening to me? :)

4 Replies to “error logs, interpreting some 404’s”

Jeff Starr
Posted by Jeff Starr

So just to be clear, in the first example, public_html/ajax.googleapis.com is the request and http://www.MyOwnSite.com//ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js is the referrer, correct?

If so, it could be malicious if there is nothing in the jQuery file that makes a call to public_html/ajax.googleapis.com. I would guess it's been added to a scan list for some reason; or else there is a call to that URL (or related) from the jQuery file (referrer). Keep an eye on adjacent requests to see if such requests are part of a scan, or if the pattern looks more like the requests are happening for page loads.

For the garbled paths, those are hexadecimal encoded characters, and certainly are malicious in most cases. Blocking them is trivial IF you're sure that none of the resources/scripts on your site require such characters in the URL (or parameters). To investigate further into what's actually being targeted by such requests, use an online conversion tool such as Hixie's tried and true UTF-8 Decoder:

http://software.hixie.ch/utilities/cgi/unicode-decoder/utf8-decoder

Funny, checking error logs is now the first thing I do over coffee in the morning.

Lolz! That actually sounds very inspiring. You know you're hooked when you set up routines to keep an eye on requests throughout the day. It's a total rush to catch someone/something in the act and block them cold on the spot. :D

Posted by RememberToForget •

OK so I guess I'll handle the confusing utf8 stuff when I get around to implementing one of your blacklists (6g or whatever). Thanks for sharing the utf8 decoding tool (i.e., I love finding these random online tools).

As for the google ajax api thingy, I think it comes from my use of the typical google cdn to load jquery at the top of my index.php page. I don't see how I could have tried to load jquery from within a self-made script, so I guess I'll just redirect all requests for ajax.googleapis.com to the right place, i.e., like with the trick for redirecting all favicon.ico requests to the actual file.

Am I asking you too many questions? I'm disciplining myself to keep it down to one per day. I'm shocked that this forum isn't jam-packed with geeks begging for some attention. I'm also shocked to find that I am that geek.

Jeff Starr
Posted by Jeff Starr

Not at all, I enjoy the dialogue, especially concerning this particular topic. I think that for a jam-packed, rustling bustling forum you'll have better luck with a more mainstream topic, like CSS or jQuery. .htaccess is pretty esoteric stuff, and I am more than happy with the amount of activity in the forum. If it were more popular, I wouldn't have the time to respond to every question and carry on these sorts of extended dialogues, which I enjoy greatly. Further, looking at the traffic logs for the forum, a lot of folks it looks like are reading the posts without jumping in.. "lurkers" we used to call them.

Posted by RememberToForget •

OK so it's because it's htaccess, I can see why people wouldn't find it too exciting. I put off getting your book for about three years, but now that I'm finally happy with my level of jquery'ness, etc. I started coming back to this site, and the classiness of it really hit me. The black-belt'ness of it, plus the generosity.

So I'm like, "F*ck, now I'm gonna get this book and I'll be living in htaccess-world for the next six months." (I'm trying to retire but my inner geek is enthralled by some of these things. I really just want to lie around and chill with the cats all day.)

So now I'm in 404-land. I get tons of 404's, people just keep trying to find things that I took offline years ago. The image hotlinking was pretty bad, too. People just help themselves to anything, it's like they don't comprehend, "This doesn't belong to you." The entitlement is really something. So finally for hotlinkers I made a funny rewrite/redirect so that anyone who has my images on their site now has this this:

.htaccess ninja

Man, does that ever crack me up.

Something about the little ninja, I don't know why it's so damn funny to me.

I guess it's the ambiguity of it. Yeah, yeah. It's like, is he pissed? Is he saying, "I SEE YOU"? "You're busted?" I'm coming to get you? Now you've gone and done it?

When I first got this working yesterday I actually laughed so hard I was tearing up and my stomach muscles were aching. I showed my wife and she practically pissed herself. That damn ninja also brings back memories of when we used to run a forum. I've known that little ninja guy a long time. :)

Alright so that's the kind of stuff I like about htaccess. It's the funny sh*t you can do with it. I don't even know what you can do with it, but I hope it's a lot of funny sh*t like this.