Hosting site log files

[KiwiBrian]

Upon examining the log files from my ISP's Apache server, I note that there
are MANY entries like the following entries. They all appear to be trying to
access a file named bink.jpg and one named prion.jpg, both from the hpfiles
directory. I do have an hpfiles directory, but no files named bink.jpg or
prion.jpg in it or any subdirectories below hpfile.

Can anyone throw any light on this behaviour and why these two nonexistent
files are often being referenced?

200.21.40.183 - - [10/Jun/2006:08:06:56 +1200] "GET /hpfiles/bink.jpg
HTTP/1.1" 200 5 "-" "-"

203.152.117.110 - - [10/Jun/2006:08:09:19 +1200] "GET /hpfiles/prion.jpg
HTTP/1.1" 200 46 "-" "-"

Thanks

Brian Tozer

 

[Jonathan N. Little]

Upon examining the log files from my ISP's Apache server, I note that there
are MANY entries like the following entries. They all appear to be trying to
access a file named bink.jpg and one named prion.jpg, both from the hpfiles
directory. I do have an hpfiles directory, but no files named bink.jpg or
prion.jpg in it or any subdirectories below hpfile.

Can anyone throw any light on this behaviour and why these two nonexistent
files are often being referenced?

Are you sure they don't exist?

200.21.40.183 - - [10/Jun/2006:08:06:56 +1200] "GET /hpfiles/bink.jpg
HTTP/1.1" 200 5 "-" "-"

^^^ ^
the 200 means the get was successful and the 5 means 5 bytes where
transferred, very small jpg.

203.152.117.110 - - [10/Jun/2006:08:09:19 +1200] "GET /hpfiles/prion.jpg
HTTP/1.1" 200 46 "-" "-"

This one a teensy bit bigger at 46 bytes

 

[KiwiBrian]

Upon examining the log files from my ISP's Apache server, I note that
there are MANY entries like the following entries. They all appear to be
trying to access a file named bink.jpg and one named prion.jpg, both
from the hpfiles directory. I do have an hpfiles directory, but no files
named bink.jpg or prion.jpg in it or any subdirectories below hpfile.

Can anyone throw any light on this behaviour and why these two
nonexistent files are often being referenced?

Are you sure they don't exist?

200.21.40.183 - - [10/Jun/2006:08:06:56 +1200] "GET /hpfiles/bink.jpg
HTTP/1.1" 200 5 "-" "-"

^^^ ^
the 200 means the get was successful and the 5 means 5 bytes where
transferred, very small jpg.

203.152.117.110 - - [10/Jun/2006:08:09:19 +1200] "GET /hpfiles/prion.jpg
HTTP/1.1" 200 46 "-" "-"

This one a teensy bit bigger at 46 bytes

Thanks for your help Jonathon.
You are quite correct now that I actually look on my server and not just in
my archives.
Duh!!
However the mystery deepens/develops.
As I wrote, there are many calls for these files.

The binary contents of prion.jpg are:-
http://www.amievents.info/images/collect.php
followed by a $0d0a

The binary contents of bink.jpg are:-
1.1
followed by $0d0a

The URL contained in the first file means nothing to me and a site visit
gave no clues.
I think I will remove them from my site and examine the logs for more such
mystery file requests, but I would love an explanation.
Brian Tozer

 

[Grumplestiltskin]

The binary contents of prion.jpg are:-
http://www.amievents.info/images/collect.php
followed by a $0d0a

The binary contents of bink.jpg are:-
1.1
followed by $0d0a

The URL contained in the first file means nothing to me and a site visit
gave no clues.
I think I will remove them from my site and examine the logs for more such
mystery file requests, but I would love an explanation.
Brian Tozer

Brian, look for a reference to the file in any of your HTML pages.

<http://en.wikipedia.org/wiki/Web_bug#Implementation>

Are you any connection to the music industry? Would some spy at AMI
have any interest in your viewers?

 

[Jonathan N. Little]

Upon examining the log files from my ISP's Apache server, I note that
there are MANY entries like the following entries. They all appear to be
trying to access a file named bink.jpg and one named prion.jpg, both
from the hpfiles directory. I do have an hpfiles directory, but no files
named bink.jpg or prion.jpg in it or any subdirectories below hpfile.

Can anyone throw any light on this behaviour and why these two
nonexistent files are often being referenced?
Are you sure they don't exist?
200.21.40.183 - - [10/Jun/2006:08:06:56 +1200] "GET /hpfiles/bink.jpg
HTTP/1.1" 200 5 "-" "-"

^^^ ^
the 200 means the get was successful and the 5 means 5 bytes where
transferred, very small jpg.

203.152.117.110 - - [10/Jun/2006:08:09:19 +1200] "GET /hpfiles/prion.jpg
HTTP/1.1" 200 46 "-" "-"

This one a teensy bit bigger at 46 bytes

Thanks for your help Jonathon.
You are quite correct now that I actually look on my server and not just in
my archives.
Duh!!
However the mystery deepens/develops.
As I wrote, there are many calls for these files.

The binary contents of prion.jpg are:-
http://www.amievents.info/images/collect.php

Is your domain www.amievents.info?

followed by a $0d0a

Looks suspiciously like the hexadecimal for a new link on a Window's
platform... ) 0A 0D, possible the output of some script using
redirection? Bugs in script can output null or garbage files.....

The binary contents of bink.jpg are:-
1.1
followed by $0d0a

The URL contained in the first file means nothing to me and a site visit
gave no clues.
I think I will remove them from my site and examine the logs for more such
mystery file requests, but I would love an explanation.

 

[KiwiBrian]

KiwiBrian wrote:
Upon examining the log files from my ISP's Apache server, I note that
there are MANY entries like the following entries. They all appear to
be trying to access a file named bink.jpg and one named prion.jpg,
both from the hpfiles directory. I do have an hpfiles directory, but no
files named bink.jpg or prion.jpg in it or any subdirectories below
hpfile.

Can anyone throw any light on this behaviour and why these two
nonexistent files are often being referenced?

Are you sure they don't exist?
200.21.40.183 - - [10/Jun/2006:08:06:56 +1200] "GET /hpfiles/bink.jpg
HTTP/1.1" 200 5 "-" "-"
^^^ ^
the 200 means the get was successful and the 5 means 5 bytes where
transferred, very small jpg.

203.152.117.110 - - [10/Jun/2006:08:09:19 +1200] "GET
/hpfiles/prion.jpg HTTP/1.1" 200 46 "-" "-"
This one a teensy bit bigger at 46 bytes

Thanks for your help Jonathon.
You are quite correct now that I actually look on my server and not just
in my archives.
Duh!!
However the mystery deepens/develops.
As I wrote, there are many calls for these files.

The binary contents of prion.jpg are:-
http://www.amievents.info/images/collect.php

Is your domain www.amievents.info?

followed by a $0d0a

Looks suspiciously like the hexadecimal for a new link on a Window's
platform... ) 0A 0D, possible the output of some script using
redirection? Bugs in script can output null or garbage files.....

The binary contents of bink.jpg are:-
1.1
followed by $0d0a

The URL contained in the first file means nothing to me and a site visit
gave no clues.
I think I will remove them from my site and examine the logs for more
such mystery file requests, but I would love an explanation.

I have no connection with, or knowledge of, the URL contained in the first
file.
I removed the files from my server.
The polls of them continued every 10 minutes plus other spasmodic polls of
them.
For the next few hours polls of them returned 404 instead of 200.
As expected as they had been removed.
Then after several hours they started returning 200 again.
Investigation of my site revealed that the files had reappeared on my
server.
I have removed them again and if this scenario returns in a few hours, as I
expect, I will submit my results to my ISP with a please explain letter.
Very interesting, with worrying implications.
I will report outcome.
Brian Tozer