[tngusers2] Site accessed by 'unknown'
Steve Voght
stevevoght at gmail.com
Fri Aug 21 16:01:56 CDT 2009
What's most likely happening here is that TNG is requesting the remote
host name (on log.php line 18 in TNG 7.1.1), and in this mysterious
case the host is actually returning the name "unknown". Typically if a
host doesn't have a name the request fails and TNG defaults to just
showing the IP address, but in this case it seems that the host name
is actually "unknown." This doesn't mean the host doesn't have an IP
address (you can spoof IPs and mask them using proxies, but there
*always* has to be a remote IP address to send the data to.)
If you're concerned about what this host is potentially doing, and
wish to block them in the future, you can obtain the IP in one of two
ways: the easiest solution would be to look into your server's log
files (the web logs, not the TNG logs), find the entry for that
date/time/page and check the IP address there. Alternately, for future
events you can install the Custom Logs mod for TNG, which both
modifies the log files to separate out all the web crawlers into their
own separate log file, and also modifies the records in the regular
log file to show both the host name (if available), and the host IP
address, so that in the future you will see "unknown/12.34.56.78"
instead of just "unknown" for these sort of situations.
Cheers,
Steve
On Fri, Aug 21, 2009 at 1:40 PM, Graham
Chamberlain<agc at katiandgraham.com> wrote:
> I tried posting a similar question some time ago but no one responded.
> Today I had an access show in the access log where the identity of the user
> was stated as 'unknown'. How can identity be withheld and is there a way to
> block access to anyone who withholds their identity?
>
> Graham
More information about the tngusers2
mailing list