« Previous Next »

• 06-25-2009, 8:23 AM

  encourage5 Joined on 06-02-2008, 8:55 AM Posts 3	Request.ServerVariables("server_name") spoofed Reply Contact Hi, We run logging of 404 and 500 errors on IIS 6. The value for Request.ServerVariables("server_name") is sometimes spoofed by some "bots". How do they do that? How can I detect and block it? Thanks, Andy
  	Tags: IIS 6.0server_namespooferrors

• 06-25-2009, 8:51 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,235	Re: Request.ServerVariables("server_name") spoofed Reply Contact What are you seeing in your logs? Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 06-25-2009, 10:56 AM

  In reply to

  encourage5 Joined on 06-02-2008, 8:55 AM Posts 3

  Re: Request.ServerVariables("server_name") spoofed Reply Contact Hi, Our logs record the following information. The site "www.xn58.com.cn" doesn't exist as an IIS entry or DNS record pointing to the server hit. The hits generate 404 errors which are logged. Request.ServerVariables("server_name") = www.xn58.com.cn Request.ServerVariables("SERVER_NAME") = www.xn58.com.cn Request.ServerVariables("query_string") = 404;http://www.xn58.com.cn/index.php Request.ServerVariables( "remote_addr" ) = 83.220.55.129    Request.ServerVariables("LOCAL_ADDR") = 192.168.1.9        Request.ServerVariables("HTTP_X_FORWARDED_FOR") = NULL Request.ServerVariables("HTTP_USER_AGENT") = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 4.3 (build 01218)) Let me know if you any further info... Andy

• 06-25-2009, 1:27 PM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,235

  Re: Request.ServerVariables("server_name") spoofed Reply Contact These are custom logs or IIS log files?  Request.ServerVariables is used in application code so I'm not understanding just yet how you know that it's returning these values and how that relates to any logging. Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 06-26-2009, 8:22 AM

  In reply to

  encourage5 Joined on 06-02-2008, 8:55 AM Posts 3	Re: Request.ServerVariables("server_name") spoofed Reply Contact Hi Tom, These are custom logs rather than IIS logs. The data is collected via asp code an iis custom 404 error page. Andy