My IP address appears on a log entry

revrob

1:22 pm on Mar 13, 2011 (gmt 0)

10+ Year Member



Yesterday I found a single line apparently from a google IP address in my site logs (1&1) with my own recently acquired dynamic IP address at the end. It got a 403 response as I have .htaccess blocks for blank useragent strings. The IP address at the end of the string beginning with 86. is my own. The one at the beginning appears to be a google one.

Thus:
209.85.228.82 - - [12/Mar/2011:16:39:09 +0100] "GET /favicon.ico HTTP/1.1" 403 - **********.org.uk "-" "-" "86.***.***.**"

NetRange: 209.85.128.0 - 209.85.255.255
CIDR: 209.85.128.0/17
OriginAS:
NetName: GOOGLE
NetHandle: NET-209-85-128-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
NameServer: NS1.GOOGLE.COM

I can't work out why my (dynamic) IP address has appeared in this entry, and as far as I can see it does not relate to any google searches made by me as I did not use google to look for my own site or anything on it at that time. I'd be interested in any feedback. My basic settings for google searches are that I use the https:// encrypted google search, and I also have the Firefox addon - "GoogleSharing 0.2"

The only conclusion I can come to is that it may relate to the IP address being dynamic. I think I acquired the IP address at about 2.15pm(GMT) on Friday, and the log entry above on my site log is for 3.39pm (GMT) Friday

phranque

12:52 am on Mar 14, 2011 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



that is not a standard log format (common or combined) so you will have to look in your server config to understand what extra fields are specified for the custom log format.

revrob

9:52 am on Mar 14, 2011 (gmt 0)

10+ Year Member



Thank you for your reply.

Sorry but I don't understand your post - could you put it another way or explain what you mean about log formats or what is unusual about the log entry?

I can't help the way my web hosts format their logs - the log entry is as recorded and my question is about trying to work out why my own IP address appears at the end.

The log entry is the single line - the WHOIS info is nothing to do with the log entry but just to give WHOIS info about the apparent IP address of the website visitor.

phranque

12:52 pm on Mar 14, 2011 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



what normally appears in that column?

Custom Log Formats:
http://httpd.apache.org/docs/current/mod/mod_log_config.html#formats

revrob

6:24 pm on Mar 14, 2011 (gmt 0)

10+ Year Member



Thanks again for the reply.

Usually it has "-"

Here is a "normal" log entry from my website logs
207.46.199.184 - - [14/Mar/2011:04:58:25 +0100] "GET /robots.txt HTTP/1.1" 200 6163 mydomain.org.uk "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" "-"



- the only other time I see an IP address at the end, is in a Yahoo FeedSeeker entry, when it asks for an rss.xml file. Then it has an inktomi IP address in that last section. For example - today every entry on the log has "-" at the end, except for this one Yahoo visit:

216.39.58.17 - - [14/Mar/2011:06:54:19 +0100] "GET /rss.xml HTTP/1.0" 200 2521 mydomain.org.uk "-" "YahooFeedSeeker/2.0 (compatible; Mozilla 4.0; MSIE 5.5; [publisher.yahoo.com...] users 1; views 12)" "66.196.99.198"

The suspect entry is similar to that - but with my dynamic recently acquired IP address at the end, and a google.com IP at the beginning.

Just to clarify - I read the url you linked to about Apache server configuration and log formats, and wasn't really able to follow it. I'm referring to my commercial website host 1&1 providing me with access logs to my website server - those are the logs I am referring to. I couldn't make sense of what was on that page I'm afraid.

My logs come from here:
ftp://**********.********.co.uk/logs/access.log.current

Frank_Rizzo

7:02 pm on Mar 14, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



That last field could be the X_FORWARDED_FOR IP address. 209.85.228.82 is a google DNS server. The field is just forwarding what your IP address was.

I'm not sure but the fact it was calling favicon.ico usually happens when google prefetches the website ico file on a serps page.

It could be a browser google toolbar calling for the file sporadically.
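
Added example (not part of the original posts, and not 1&1's configuration): a parser for the log layout quoted in this thread, assuming, as suggested above, that the trailing quoted field is the X-Forwarded-For request header. It lists the entries where that field holds an IP address, meaning the connecting address was a relay and the trailing address is the client the relay reported. The sample lines, hostnames and the `ExampleFetcher` agent are constructed, using documentation address ranges.

```python
import ipaddress
import re

# Assumed layout (the thread never shows the host's LogFormat): combined-style
# fields, the virtual host after the byte count, and one extra quoted field at
# the end, taken here to be the X-Forwarded-For request header.
def q(name):
    # Quoted field; tolerates backslash-escaped quotes as Apache writes them.
    return r'"(?P<%s>(?:[^"\\]|\\.)*)"' % name

LINE_RE = re.compile(
    r'(?P<peer>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] ' + q("request") +
    r' (?P<status>\d{3}) (?P<size>\S+) (?P<vhost>\S+) ' +
    q("referer") + " " + q("agent") + " " + q("extra") + r"$"
)

def parse_line(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def forwarded_chain(extra):
    """Valid IPs from a comma-separated X-Forwarded-For style value."""
    ips = []
    for part in extra.split(","):
        try:
            ips.append(str(ipaddress.ip_address(part.strip())))
        except ValueError:
            continue  # "-", "unknown", hostnames, junk
    return ips

def relayed_requests(lines):
    """Entries whose trailing field names at least one client IP."""
    out = []
    for line in lines:
        rec = parse_line(line)
        chain = forwarded_chain(rec["extra"]) if rec else []
        if chain:
            # The header is set by the sender and is not verified by the
            # server: treat claimed_client as a hint, peer as the real source.
            out.append({"peer": rec["peer"], "claimed_client": chain[0],
                        "chain": chain, "status": int(rec["status"]),
                        "request": rec["request"],
                        "blank_agent": rec["agent"] in ("", "-")})
    return out

SAMPLE = [  # constructed lines in the same layout as the thread's entries
    '192.0.2.10 - - [12/Mar/2011:16:39:09 +0100] "GET /favicon.ico HTTP/1.1" 403 - example.org.uk "-" "-" "198.51.100.7"',
    '192.0.2.30 - - [14/Mar/2011:04:58:25 +0100] "GET /robots.txt HTTP/1.1" 200 6163 example.org.uk "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" "-"',
    '192.0.2.20 - - [14/Mar/2011:06:54:19 +0100] "GET /rss.xml HTTP/1.0" 200 2521 example.org.uk "-" "ExampleFetcher/1.0" "198.51.100.7, 203.0.113.5"',
]
```
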

revrob

11:12 pm on Mar 14, 2011 (gmt 0)

10+ Year Member



Oh - hello Frank! We meet again!
As far as I could ascertain I was not using google to search for the website at the time. I did use it for other things but NOT for looking for my own website. I don't have any toolbars.

The only other possible explanation could be that if I logged into google, (where I have a webmaster tools account, and where my site is on my account, and it has a google identifier code on the site's 1&1 ftp server to verify it) might google just go and check my site anyway? Even if I didn't do a search, but logged into google while searching for something else? What I am almost certain of, is that at the time, I did NOT search for my own site or visit it via google. Obviously I am anxious if something else harvested my IP address and shared it with google and then it ended up on my site log from someone else's site visit.

With my ISP, a known lawbreaker and covert DPI interceptor of communications and data harvester, you never know what they might be snooping on or harvesting. So I tend to be very suspicious.