<div>In the current error log that I'm looking it, 50% of the bad requests came from one IP address and 50% of them came from another. It is unlikely that its a bot as both IP addresses are registered to educational institutions which are our primary users, but good point, I will keep an eye on it.</div>
<div> </div>
<div>Thanks<br><br></div>
<div class="gmail_quote">On Tue, Jan 13, 2009 at 6:42 PM, Nick Pearson <span dir="ltr"><<a href="mailto:nick.pearson@gmail.com">nick.pearson@gmail.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">Hi Ilan,<br><br>Try changing the output format for the error log file to include the user agent. Or, look for requests to /letters/.mp3 in your access log, which may already contain the user agent. You may find that these requests are coming from a bot that is parsing the links in your site incorrectly. I see this consistently on the ten or so sites I host, although the errors I usually see are for the directory and filename with no file extension (such as /forms/document when the link actually points to /forms/document.pdf).<br>
<br>It might also help to compare the remote IP addresses to see whether the bad requests always come from the same IP or IP range which might indicate that it is a bot.
<div>
<div></div>
<div class="Wj3C7c"><br><br>
<div class="gmail_quote">On Tue, Jan 13, 2009 at 5:05 PM, Ilan Berkner <span dir="ltr"><<a target="_blank" href="mailto:iberkner@gmail.com">iberkner@gmail.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: rgb(204,204,204) 1px solid; MARGIN: 0pt 0pt 0pt 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div>Hi All,</div>
<div> </div>
<div>We are getting many of these errors:</div>
<div> </div>
<div>2009/01/13 13:04:28 [error] 27100#0: *782718 open() "/home/spellcit/public_html/letters/.mp3" failed (2: No such file or directory), client: 204.38.160.220, server: <a target="_blank" href="http://www.spellingcity.com/">www.spellingcity.com</a>, request: "GET /letters/.mp3 HTTP/1.1", host: "<a target="_blank" href="http://www.spellingcity.com/">www.spellingcity.com</a>"<br>
</div>
<div>Essentially one of 2 things is happening:</div>
<div> </div>
<div>(1) One of our php or flash files is trying to access this invalid file "/letters/.mp3" or</div>
<div>(2) A user is trying to access this directly (unlikely).</div>
<div> </div>
<div>The problem is that the log entry does not on the surface reveal enough information about where the request is coming from so we're having a tough time identifying the source of the request. Is there a way (is it possible) to add more information to the log entry to better identify the source of the request (swf, php, html, direct, etc.).</div>
<div> </div>
<div>Thanks</div></blockquote></div><br></div></div></blockquote></div><br>