
[EP-tech] 'Interesting' requests for OAI endpoints



Hi
I've noticed some traffic on our servers that I find 'interesting'.
The requests normally end in a 404 or 500 response - but it looks like someone is either trying to locate our OAI endpoint (it's listed on the homepage! We're EPrints - it's where it always is!), or they're probing for something else (a known vulnerability in DSpace / Fedora endpoints?)

Has anyone else noticed this behaviour?
The user-agent is Wget/1.16.1 (linux-gnu), and I can see a few different IPs making the requests (resolving the IPs to domains doesn't seem to produce anything useful). The requests are spread over a wide timeframe (not a DOS type probe).

Examples of the URLs requested are below.

Cheers,
John

[25/May/2016:18:09:33 +0100] "GET /id/oaicat?verb=Identify HTTP/1.1" 404 7550 "-"
[25/May/2016:18:23:19 +0100] "GET /cgi/greenstone/cgi-bin/oaiserver.cgi?verb=Identify HTTP/1.1" 404 7577 "-"
[25/May/2016:18:26:05 +0100] "GET /id/eprint/do.oai?verb=Identify HTTP/1.1" 401 401 "-"
[25/May/2016:19:04:58 +0100] "GET /id/eprint/greenstone/cgi-bin/oaiserver?verb=Identify HTTP/1.1" 404 7579 "-"
[25/May/2016:19:31:10 +0100] "GET /id/eprint/phpoai/oai2.php?verb=Identify HTTP/1.1" 404 7566 "-"
[25/May/2016:19:49:10 +0100] "GET /id/eprint/844 HTTP/1.1" 401 401 "-"
[25/May/2016:20:02:33 +0100] "GET /cgi/oai/driver?verb=Identify HTTP/1.1" 404 7555 "-"
[25/May/2016:20:59:40 +0100] "GET /id/eprint/ HTTP/1.1" 404 7551 "-"
[26/May/2016:12:32:14 +0100] "GET /id/cgi-bin/oaiserver?verb=Identify HTTP/1.1" 404 7561 "-"
[26/May/2016:12:55:37 +0100] "GET /id/eprint/dspace-oai/request?verb=Identify HTTP/1.1" 404 7569 "-"
[26/May/2016:13:27:48 +0100] "GET /id/?page=oai&verb=Identify HTTP/1.1" 404 7544 "-"
[26/May/2016:13:40:25 +0100] "GET /id/ir-oai/request?verb=Identify HTTP/1.1" 404 7558 "-"
[26/May/2016:13:54:00 +0100] "GET /id/eprint/opac/mmd_api/oai-pmh/?verb=Identify HTTP/1.1" 404 7572 "-"
[26/May/2016:14:05:03 +0100] "GET /oaiserver.cgi?verb=Identify HTTP/1.1" 404 7554 "-"
[26/May/2016:15:20:25 +0100] "GET /id/eprint/4058%26juHash=7617d1d41c320103931c7b2d922e5eddcb14229e+&cd=19&hl=en&ct=clnk&gl=n HTTP/1.1" 401 401 "-"
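
Added example, not part of the original post: a way to group this kind of endpoint guessing in an access log by user-agent, since the source IPs vary. It assumes Apache combined log format (the excerpts above omit the client and agent fields) and `/cgi/oai2` as the repository's real OAI endpoint; the client addresses, the `ExampleHarvester` agent and the last two sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: client, identd, user, [time], "request", status, bytes, "referer", "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def is_oai_guess(target, status, real_endpoint):
    """True for a failed OAI-PMH Identify request to a path other than the real endpoint."""
    parts = urlsplit(target)
    verbs = parse_qs(parts.query).get("verb", [])
    return "Identify" in verbs and parts.path != real_endpoint and 400 <= status < 600

def find_oai_probes(lines, real_endpoint="/cgi/oai2", min_paths=3):
    """Report user-agents that guessed at least min_paths distinct OAI paths."""
    seen = defaultdict(lambda: {"ips": set(), "paths": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        if is_oai_guess(m["target"], int(m["status"]), real_endpoint):
            seen[m["ua"]]["ips"].add(m["ip"])
            seen[m["ua"]]["paths"].add(urlsplit(m["target"]).path)
    return {ua: {"ips": sorted(v["ips"]), "paths": sorted(v["paths"])}
            for ua, v in seen.items() if len(v["paths"]) >= min_paths}

# Constructed sample: paths and agent string from the post, client addresses invented
# (documentation ranges), plus one legitimate harvester that must not be flagged.
WGET = "Wget/1.16.1 (linux-gnu)"
SAMPLE = [
    f'192.0.2.10 - - [25/May/2016:18:09:33 +0100] "GET /id/oaicat?verb=Identify HTTP/1.1" 404 7550 "-" "{WGET}"',
    f'198.51.100.7 - - [25/May/2016:18:23:19 +0100] "GET /cgi/greenstone/cgi-bin/oaiserver.cgi?verb=Identify HTTP/1.1" 404 7577 "-" "{WGET}"',
    f'192.0.2.10 - - [26/May/2016:13:27:48 +0100] "GET /id/?page=oai&verb=Identify HTTP/1.1" 404 7544 "-" "{WGET}"',
    '203.0.113.5 - - [26/May/2016:14:00:00 +0100] "GET /cgi/oai2?verb=Identify HTTP/1.1" 200 1200 "-" "ExampleHarvester/1.0"',
    '203.0.113.5 - - [26/May/2016:14:01:00 +0100] "GET /id/eprint/844 HTTP/1.1" 401 401 "-" "ExampleHarvester/1.0"',
]

if __name__ == "__main__":
    for ua, hit in find_oai_probes(SAMPLE).items():
        print(ua, hit["ips"], hit["paths"])
```
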