EPrints Technical Mailing List Archive

Message: #05735

[EP-tech] 'Interesting' requests for OAI endpoints

To: "'eprints-tech@ecs.soton.ac.uk'" <eprints-tech@ecs.soton.ac.uk>
Subject: [EP-tech] 'Interesting' requests for OAI endpoints
From: John Salter <J.Salter@leeds.ac.uk>
Date: Thu, 26 May 2016 14:58:24 +0000

I’ve noticed some traffic on our servers that I find ‘interesting’.

The requests normally end in a 404 or 500 response – but it looks like someone is either trying to locate our OAI endpoint (it’s listed on the homepage! We’re EPrints – it’s where it always is!), or they’re probing for something else (a known vulnerability in DSpace / Fedora endpoints?)

Has anyone else noticed this behaviour?

The user-agent is Wget/1.16.1 (linux-gnu), and I can see a few different IPs making the requests (resolving the IPs to domains doesn’t seem to produce anything useful). The requests are spread over a wide timeframe (not a DOS type probe).

Examples of the URLs requested are below.

Cheers,

John

[25/May/2016:18:09:33 +0100] "GET /id/oaicat?verb=Identify HTTP/1.1" 404 7550 "-"

[25/May/2016:18:23:19 +0100] "GET /cgi/greenstone/cgi-bin/oaiserver.cgi?verb=Identify HTTP/1.1" 404 7577 "-"

[25/May/2016:18:26:05 +0100] "GET /id/eprint/do.oai?verb=Identify HTTP/1.1" 401 401 "-"

[25/May/2016:19:04:58 +0100] "GET /id/eprint/greenstone/cgi-bin/oaiserver?verb=Identify HTTP/1.1" 404 7579 "-"

[25/May/2016:19:31:10 +0100] "GET /id/eprint/phpoai/oai2.php?verb=Identify HTTP/1.1" 404 7566 "-"

[25/May/2016:19:49:10 +0100] "GET /id/eprint/844 HTTP/1.1" 401 401 "-"

[25/May/2016:20:02:33 +0100] "GET /cgi/oai/driver?verb=Identify HTTP/1.1" 404 7555 "-"

[25/May/2016:20:59:40 +0100] "GET /id/eprint/ HTTP/1.1" 404 7551 "-"

[26/May/2016:12:32:14 +0100] "GET /id/cgi-bin/oaiserver?verb=Identify HTTP/1.1" 404 7561 "-"

[26/May/2016:12:55:37 +0100] "GET /id/eprint/dspace-oai/request?verb=Identify HTTP/1.1" 404 7569 "-"

[26/May/2016:13:27:48 +0100] "GET /id/?page=oai&verb=Identify HTTP/1.1" 404 7544 "-"

[26/May/2016:13:40:25 +0100] "GET /id/ir-oai/request?verb=Identify HTTP/1.1" 404 7558 "-"

[26/May/2016:13:54:00 +0100] "GET /id/eprint/opac/mmd_api/oai-pmh/?verb=Identify HTTP/1.1" 404 7572 "-"

[26/May/2016:14:05:03 +0100] "GET /oaiserver.cgi?verb=Identify HTTP/1.1" 404 7554 "-"

[26/May/2016:15:20:25 +0100] "GET /id/eprint/4058%26juHash=7617d1d41c320103931c7b2d922e5eddcb14229e+&cd=19&hl=en&ct=clnk&gl=n HTTP/1.1" 401 401 "-"

Prev by Date: [EP-tech] Edit the citation page range
Next by Date: Re: [EP-tech] Edit the citation page range
Previous by thread: [EP-tech] Event Queue 'Bug' ?
Next by thread: [EP-tech] Digital Preservation in EPrints
Index(es):
- Date
- Thread