Seeing a ton of Apache requests that don't belong to me

Over the past 24 hours, I've been seeing a ton of requests on my linode that are not for my site; they have urls like: … n-us,en-us">,998&cxy=1413,1013&dxy=1413,1013&tz=480&ln=en-us,en-us,en-us


I'm also seening requests for,, a bunch of sites that I obviously do not host.

Overall, I'm seeing about 4,000 - 6,000 requests per minute.

These are all going to the 'default' vhost in my Apache configuration, which I have now set to 'deny from all'. However, quite a few requests still appear to be being replied to with an HTTP status code of 200! My vhost config contains:

Options FollowSymLinks

AllowOverride None

deny from all

My questions are:

  • Why are there still requests coming through that are not 403's?

  • I assume these requests are coming to my server due to a DNS misconfig or a deliberate attack; is there anything better that I could be doing to deny these requests / recede their occurrence?

1 Reply

If the traffic contains "GET /robots.txt HTTP/1.1" in the request, then those are from the search engine crawlers trying to index the content of your site.

or for more details on what to do with it.

If the traffic contains "GET /favicon.ico HTTP/1.1", then that is IE and other browser looking for the icon that can be placed next to the URL when bookmarking/adding your site to its favorites

Unfortunately you will always get other "background noise" from worms looking for vulnerable software. [for me recently, there seems to be an increase in scans for vulnerable phpmyadmin sites]

Just make sure that all your admin sites are secured/restricted/firewalled and no easily guessable passwords. A friend once had a script "locate" his admin pages within 1 hr of starting a config on a site (before he had a chance to change the default credentials)

I last calculated that the backgorund noise hit was ~ 4% of my bandwidth.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct