Hi
Im looking at my web server error logs and i spotted something that got my attention:

Code:

2011-06-18 02:26:18: (mod_fastcgi.c.2701) FastCGI-stderr: PHP Notice:  Undefined index: LOGEDIN in /var/www/......php on line #

So i look in access log file and this is what i see at that specific time:

Code:

204.95.*.* www.mypage.* - [18/Jun/2011:02:26:18 +0200] "HEAD /page/manage HTTP/1.1" 302 0 "-" "-"
204.95.*.* www.mypage.* - [18/Jun/2011:02:26:19 +0200] "HEAD / HTTP/1.1" 200 0 "-" "-"

Access to that page have only users that are logged in, as you can see from the error log (LOGEDIN), which apparently isn't set.

Im not very familiar with HTTP methods and response codes, but HEAD method is used to return headers only, correct?

Can anyone tell me is this something i should be concerned about?
Because im constantly under attack by different bots and scanners.
Thanks

Quote:

but HEAD method is used to return headers only, correct?

Correct, often used by script-kiddie bot testing for an exploit.

Quote:

Because im constantly under attack by different bots and scanners.

Aren't we all!

Quote:

Originally Posted by chrishirst

Aren't we all!

True

I found out why this error is occurring.
Windows live messenger bot (bing i guess) is trying to get headers when someone post a link to my page.

Another question is about bots and sessions but thats php thing and it's not for this section.

Thanks Chris, helpful as always.