Note that this is for every file/image/etc. that has been downloaded from my site (javaop.clan-e1.net) with a GET request on browsers that actually send a proper user-agent:
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep GET | wc -l
47220
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep Windows | wc -l
21892
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep Linux | wc -l
2366
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep Mac | wc -l
840This is the number of times that somebody tried to exploit a WebDAV vulnerability (more on this at the bottom):
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep SEARCH | wc -l
233This is the number of hits from googlebot:
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep -i googlebot | wc -l
45This is the number of hits from msnbot:
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep -i msnbot | wc -l
657And finally, this was some very stupid person trying to get Yahoo's site from my server with a very invalid request (you would never put http:// in a GET..):
iago@darkside:/usr/local/apache2/logs$ cat access_log | grep -i yahoo
220.170.88.36 - - [25/Aug/2004:19:50:04 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 3429 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
220.170.88.36 - - [02/Sep/2004:18:29:56 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 5146 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
220.170.88.36 - - [01/Oct/2004:15:27:52 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 7580 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
220.170.88.36 - - [09/Oct/2004:08:45:43 -0500] "GET http://www.yahoo.com/ HTTP/1.1" 200 7580 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"The entire inspiration for doing this is that SEARCH requests, though, which were the WebDAV exploit. For anybody who cares, this is the full request (very long):
http://javaop.clan-e1.net/tmp/shellcode
