EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #05735


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

[EP-tech] 'Interesting' requests for OAI endpoints


Hi

I’ve noticed some traffic on our servers that I find ‘interesting’.

The requests normally end in a 404 or 500 response – but it looks like someone is either trying to locate our OAI endpoint (it’s listed on the homepage! We’re EPrints – it’s where it always is!), or they’re probing for something else (a known vulnerability in DSpace / Fedora endpoints?)

 

Has anyone else noticed this behaviour?

The user-agent is Wget/1.16.1 (linux-gnu), and I can see a few different IPs making the requests (resolving the IPs to domains doesn’t seem to produce anything useful). The requests are spread over a wide timeframe (not a DOS type probe).

 

Examples of the URLs requested are below.

 

Cheers,

John

 

[25/May/2016:18:09:33 +0100] "GET /id/oaicat?verb=Identify HTTP/1.1" 404 7550 "-"

[25/May/2016:18:23:19 +0100] "GET /cgi/greenstone/cgi-bin/oaiserver.cgi?verb=Identify HTTP/1.1" 404 7577 "-"

[25/May/2016:18:26:05 +0100] "GET /id/eprint/do.oai?verb=Identify HTTP/1.1" 401 401 "-"

[25/May/2016:19:04:58 +0100] "GET /id/eprint/greenstone/cgi-bin/oaiserver?verb=Identify HTTP/1.1" 404 7579 "-"

[25/May/2016:19:31:10 +0100] "GET /id/eprint/phpoai/oai2.php?verb=Identify HTTP/1.1" 404 7566 "-"

[25/May/2016:19:49:10 +0100] "GET /id/eprint/844 HTTP/1.1" 401 401 "-"

[25/May/2016:20:02:33 +0100] "GET /cgi/oai/driver?verb=Identify HTTP/1.1" 404 7555 "-"

[25/May/2016:20:59:40 +0100] "GET /id/eprint/ HTTP/1.1" 404 7551 "-"

[26/May/2016:12:32:14 +0100] "GET /id/cgi-bin/oaiserver?verb=Identify HTTP/1.1" 404 7561 "-"

[26/May/2016:12:55:37 +0100] "GET /id/eprint/dspace-oai/request?verb=Identify HTTP/1.1" 404 7569 "-"

[26/May/2016:13:27:48 +0100] "GET /id/?page=oai&amp;verb=Identify HTTP/1.1" 404 7544 "-"

[26/May/2016:13:40:25 +0100] "GET /id/ir-oai/request?verb=Identify HTTP/1.1" 404 7558 "-"

[26/May/2016:13:54:00 +0100] "GET /id/eprint/opac/mmd_api/oai-pmh/?verb=Identify HTTP/1.1" 404 7572 "-"

[26/May/2016:14:05:03 +0100] "GET /oaiserver.cgi?verb=Identify HTTP/1.1" 404 7554 "-"

[26/May/2016:15:20:25 +0100] "GET /id/eprint/4058%26juHash=7617d1d41c320103931c7b2d922e5eddcb14229e+&amp;cd=19&amp;hl=en&amp;ct=clnk&amp;gl=n HTTP/1.1" 401 401 "-"