__/ [ Mark Goodge ] on Monday 20 March 2006 07:12 \__
> On Mon, 20 Mar 2006 05:47:18 +0000, Roy Schestowitz put finger to
> keyboard and typed:
>>I was hoping someone could shed light on this:
>>Recently I have been spotted many of the following in the error 404 logs:
>>[client 188.8.131.52] client denied by server configuration:
>>While ~/Spy.txt does not exist on the server, this is particularly odd
>>because of the status, which has no reason and I could not reproduce. If I
>>try to access this myself:
>>[client <MY_IP>] File does not exist: /home/schestow/public_html/Spy.txt
>>I haven't banned any IP's. For sever months I have also been getting plenty
>>[client <IP>] client denied by server configuration:
>>Could any of this be malicious?
> Is it your own server, or are you on a shared host?
> If the latter, the hosting company is probably blocking IP addresses
> by reference to a known blacklist. It's probably returning a 403
> ("Forbidden") error to the requestor.
It's a shared host. Later on I began to suspect that a recent filter they had
installed would have caused this. Apparently, this 'Spy.txt thing' is a
Web-wide flood. There were similar floods before with 'xx' (something in
Seoul, confirmed in this newsgroup) and I think there are sometimes 404
tests, which appear to hit millions of Web sites in a matter of hours. I
believe that's forbidden, especially if you consider the impact, time-wise,
that is comparable with E-mail spam.