I've had a sudden influx of several hundred 406 errors recorded in my error log, all originating from the same IP address (208.96.54.70). Today the log recorded several 501 errors, but from another address (71.91.125.27). Google searches haven't satisfactorily explained what causes 406 errors. Is this likely to be the result of some bot?
In the meantime yet another address (209.202.168.73) has been persistenly trying to access a non-existent file that has never existed, at the location 'http://mysite.com/users/myusername', and this has been going on for days. It kind of worries me that my user name is part of that address, but as I use the same name for both my FTP account, MySQL databases and my activity on the site, I'm not sure which path it's going through or what it's trying to achieve. I do have a 'users' directory, but the only things in it are users' forum avatars, which follow a different naming format from the file it's been trying to access.
So are these (mostly the 406 and 501) likely due to bots, or some legit user trying to do something and failing? Thanks.
Keep getting 406 error in error log
Moderator: General Moderators
Re: Keep getting 406 error in error log
406 is a not acceptable error. It means that the request was made using a method not supported...
Well, I think it does.
Supported requests are generally GET, POST, PUT...all that stuff.
Although I don't know why you'd get 500 of them in your log. Someone could be trying random attacks on your server. Unless your server has old software or is misconfigured I wouldn't worry though...
Well, I think it does.
Supported requests are generally GET, POST, PUT...all that stuff.
Although I don't know why you'd get 500 of them in your log. Someone could be trying random attacks on your server. Unless your server has old software or is misconfigured I wouldn't worry though...
Re: Keep getting 406 error in error log
mod_security produces 406 if the request is blocked (because of sql / xss in the url)
if the method is not implemented, the 501 - not implemented - is the correct response
as for the 404 errors - most likely they are produced by bots, that just try if there is something on that URL that they know (scanning for known vulnerabilities)
if the method is not implemented, the 501 - not implemented - is the correct response
as for the 404 errors - most likely they are produced by bots, that just try if there is something on that URL that they know (scanning for known vulnerabilities)