3

Since I put up a new javascript file on my server a few days ago I've been getting strange 404's logs. It seems that some Java user-agent clashes with some part of the jQuery (1.6.2). I send an automated email whenever someone hits a 404 and I send along the server variable.

The http_user_agent is Java/1.4.1_04 and the request_uri is the following:

/frontend/js/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f(

And directly after that:

/frontend/js/]};bf.optgroup=bf.option,bf.tbody=bf.tfoot=bf.colgroup=bf.caption=bf.thead,bf.th=bf.td,f.support.htmlSerialize||(bf._default=[1,

Both parts of javascript can be found back in the minified source of jQuery. The /frontend/js/ is the path to my javascript files.

I've just read two similar questions on StackOverflow (1 and 2), but both don't have any solutions. I will comment there as well, but I was wondering if here might be more people having the same issue, and solved it.

Anyone having a clue?

Lode
  • 178
  • 1
  • 8

2 Answers2

3

The user agent has nothing to do with it, and it's certainly not causing problems - a bad URL should get a 404, which is what these requests are. It's some badly written bot requesting a ridiculously invalid path due to major parsing fail (notice that both invalid parts start and end at " characters?).

Take a moment to laugh at the poor fool who failed so badly at their bot's js parser, then proceed to ignore the 404s and move on with your day (or block that user-agent if you must).

Shane Madden
  • 112,982
  • 12
  • 174
  • 248
3

Looking at my own server logs, I have several such entries spread over several weeks from several different IP addresses. All with similar - but slightly different - User Agents.

Most, but not all of the IP Addresses appear to be based in Romania.

Here's a sampling of my logs:

[02/Aug/2011:23:20:32 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[03/Aug/2011:05:06:30 +0000] "GET /assets/js/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[04/Aug/2011:12:03:35 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_11"
[06/Aug/2011:15:34:00 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_22"
[06/Aug/2011:18:20:46 +0000] "GET /assets/js/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_22"
[06/Aug/2011:19:40:11 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_25"
[07/Aug/2011:07:55:24 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_20"
[10/Aug/2011:09:07:47 +0000] "GET /assets/js/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_22"
[14/Aug/2011:14:53:58 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[16/Aug/2011:21:04:50 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[17/Aug/2011:09:19:12 +0000] "GET /assets/js/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[22/Aug/2011:01:50:44 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_26"
[22/Aug/2011:19:13:00 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[26/Aug/2011:18:15:06 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[08/Sep/2011:00:00:01 +0000] "GET /assets/js/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[10/Sep/2011:16:09:39 +0000] "GET /assets/js/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[12/Sep/2011:14:50:15 +0000] "GET /assets/js/,data:c,complete:function(a,b,c)%7bc=a.responseText,a.isResolved()&&(a.done(function(a)%7bc=a%7d),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[13/Sep/2011:14:25:08 +0000] "GET /assets/js/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"
[13/Sep/2011:16:14:05 +0000] "GET /assets/js/,data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f( HTTP/1.1" 200 203 "-" "Java/1.6.0_04"

While I don't believe this misguided bot is causing any harm, I'm going to be following the advice of this blog and block all hits from Java User Agents. As a preventative measure, you may want to do the same.

KevinH
  • 31
  • 1