Thread: Screening Out Useless Requests

  1. #1
    Andy101

    Screening Out Useless Requests

    In my server logs I noticed continual requests for favicon.ico which is delivered as code 200 (OK).

    I guess that this is a form of denial of service attack? To slow down the server, max out CPU, pollute stats etc.

    Instead of an IP address in Apache Server logs I have something like: 65-121-129-148.dia.static.quest.net

    But my firewall needs me to enter an IP address into a list of banned IPs.

    Any tips on how to block this parasite?

  2. #2
    iowadawg
    If you have a favicon, it is calling that up every time one of your pages is called up.

    So not some dos attack, etc.

  3. #3
    TopDogger
    I agree with iowadawg. Some browsers automatically look for favicon.ico, even if you do not have a link to it in the HTML.

    If you don't have a favicon.ico, you will see a ton of requests show up as error 404s.

    I always put one in the root directory, even if it is just a blank image or an image of a ball.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin


  4. #4
    Andy101
    But I see several requests for the favicon, one after the other e.g. 4-11 in a row (not error 404). I understand if all the components of a web page are requested in a group i.e. 1 request per item.

    When I access the web page with a web browser IE9 or Firefox, I see only one request for the favicon per page. And other legitimate browsers do the same.

  5. #5
    iowadawg
    Too many requests?
    Could mean somewhere your favicon is being used or shown.

  6. #6
    TopDogger
    It will be a code 200 if a favicon is found and a 404 if it is not.

    Do you have copies of the same web site code set up that may include links to the favicon on that site? It is easy to do if you include the favicon link code in the head section of a page.

    Code:
    <link rel="icon" type="image/x-icon" href="http://example.com/favicon.ico" />


  7. #7
    Andy101
    I see several requests for the favicon, one after the other e.g. 4-11 in a row
    That is not normal. Bad bot IMO. I am an expert web coder btw

  8. #8
    TopDogger
    I think we both know that you are in the expert class of developers.

    It would be very strange for a DOS attack to go after a web object as minuscule as the favicon.ico file. Retrieving the home page thousands of times per minute or second would be much more effective and just as easy to do.

    Perhaps it is a script kiddie just playing around. Do you find thousands of requests coming from the same IP?


  9. #9
    Andy101
    I just checked the stats and only 1 IP accessed the site more than 100 times. So nothing to lose sleep over.
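
Added example (not posted by anyone in the thread): a small Python script that runs the two checks discussed above over an Apache access log, namely total requests per client and the longest back-to-back run of favicon.ico requests from one client. The log lines are constructed, and the thresholds (more than 100 requests, runs of 4 or more) are assumptions taken from the numbers mentioned in the posts.

```python
import re
from collections import Counter

# Common/Combined Log Format: client ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample log. The client field is a hostname instead of an IP
# when Apache's HostnameLookups directive is switched on.
SAMPLE_LOG = "\n".join(
    ['192.0.2.10 - - [10/Oct/2012:13:55:00 +0900] "GET /index.html HTTP/1.1" 200 5120',
     '192.0.2.10 - - [10/Oct/2012:13:55:01 +0900] "GET /favicon.ico HTTP/1.1" 200 1150']
    + [f'host-a.example.net - - [10/Oct/2012:13:56:{s:02d} +0900] '
       '"GET /favicon.ico HTTP/1.1" 200 1150' for s in range(6)]
    + [f'198.51.100.7 - - [10/Oct/2012:14:00:00 +0900] '
       f'"GET /page{n}.html HTTP/1.1" 200 2048' for n in range(120)]
)

def summarize(log_text, path="/favicon.ico"):
    """Return (requests per client, longest consecutive run of `path` per client)."""
    totals, longest, current = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, req_path, _status = m.groups()
        totals[client] += 1
        if req_path.split("?", 1)[0] == path:
            current[client] += 1
            longest[client] = max(longest[client], current[client])
        else:
            current[client] = 0  # any other request from this client ends its run
    return totals, longest

def suspects(log_text, max_total=100, min_run=4):
    """Clients with more than max_total requests or a favicon run of min_run or more."""
    totals, longest = summarize(log_text)
    return sorted(c for c in totals
                  if totals[c] > max_total or longest[c] >= min_run)

if __name__ == "__main__":
    totals, longest = summarize(SAMPLE_LOG)
    for client in suspects(SAMPLE_LOG):
        print(client, "total:", totals[client], "favicon run:", longest[client])
```

A browser that loads a page and then its favicon shows a run of 1, so it stays below both thresholds.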
