Seeing a ton of Apache requests that don't belong to me
I'm also seeing requests for bing.com, yahoo.com, a bunch of sites that I obviously do not host.
Overall, I'm seeing about 4,000 - 6,000 requests per minute.
These are all going to the 'default' vhost in my Apache configuration, which I have now set to 'deny from all'. However, quite a few requests still appear to be being replied to with an HTTP status code of 200! My vhost config contains:
deny from all
My questions are:
Why are there still requests coming through that are not 403's?
I assume these requests are coming to my server due to a DNS misconfig or a deliberate attack; is there anything better that I could be doing to deny these requests / recede their occurrence?
If the traffic contains "GET /favicon.ico HTTP/1.1", then that is IE and other browsers looking for the icon that can be placed next to the URL when bookmarking/adding your site to its favorites.
Unfortunately you will always get other "background noise" from worms looking for vulnerable software. [for me recently, there seems to be an increase in scans for vulnerable phpmyadmin sites]
Just make sure that all your admin sites are secured/restricted/firewalled and no easily guessable passwords. A friend once had a script "locate" his admin pages within 1 hr of starting a config on a site (before he had a chance to change the default credentials)
I last calculated that the background noise hit was ~ 4% of my bandwidth.
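One way to see which of these requests are still answered with a 200, as an added example that is not part of the original question or answer. It assumes the access log uses Apache's Combined Log Format and that the requests for foreign sites appear as absolute URIs or CONNECT in the request line; the log lines, `classify` and `triage` are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

# Constructed sample lines (documentation IP ranges), not taken from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET http://www.bing.com/search?q=test HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET http://www.yahoo.com/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:55:38 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 200 - "-" "-"
192.0.2.15 - - [10/Oct/2023:13:55:39 +0000] "GET /favicon.ico HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.15 - - [10/Oct/2023:13:55:40 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 403 199 "-" "-"
"""

def classify(request):
    """Label a request line: 'proxy' for absolute-URI or CONNECT, else 'local'."""
    parts = request.split()
    if len(parts) < 2:
        return "malformed"
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT" or re.match(r"^[a-z][a-z0-9+.-]*://", target, re.I):
        return "proxy"
    return "local"

def triage(log_text):
    """Return (counts keyed by (class, status), proxy-style requests answered 2xx)."""
    counts = Counter()
    served = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        client, request, status = m.group(1), m.group(2), int(m.group(3))
        kind = classify(request)
        counts[(kind, status)] += 1
        if kind == "proxy" and 200 <= status < 300:
            served.append((client, request))
    return counts, served

if __name__ == "__main__":
    counts, served = triage(SAMPLE_LOG)
    for (kind, status), n in sorted(counts.items()):
        print(f"{kind:9} {status} {n}")
    for client, request in served:
        print("answered 2xx:", client, request)
```

Any entry in the "answered 2xx" list is a request the deny rule did not cover and is the place to start looking at which vhost or module produced the response.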