The Linux Page

Hacker's bot did an explicit QUIT... Ha! Ha! Ha!

I found the following in my logs, and thought it was very funny:

198.20.87.98 - - [22/Dec/2015:21:43:42 -0800] "GET / HTTP/1.1" 444 5666 "-" "-"
198.20.87.98 - - [22/Dec/2015:21:43:42 -0800] "GET /robots.txt HTTP/1.1" 444 5666 "-" "-"
198.20.87.98 - - [22/Dec/2015:21:43:42 -0800] "GET /sitemap.xml HTTP/1.1" 444 5666 "-" "-"
198.20.87.98 - - [22/Dec/2015:21:43:58 -0800] "quit" 405 5461 "-" "-"

The person who wrote this robot is not sending me who he is (last "-" is expected to be the name of the robot or the client's browser.) So as you can see, I return 444 as the answer. Just to annoy them. The 444 is used by Ningx as a "no response" type of response. It is not a legal HTTP response, but I like to use it to clearly distinguish certain errors I get. In this case, it is returned because the robot is attempting to access my website with a Host defined as an IP address instead of a (valid) domain name.

But what I find really funny is the QUIT command at the end. It is NOT a valid HTTP command. My server does it right, it actually returns a 405 (Method Not Allowed) error code. I just thought that was funny. I suppose some HTTP applications (such as DAV) may support a QUIT command.

Interestingly enough, this seems to be a sane (non-hacker) search engine that tries to see whether your website is an application offering certain things like a refrigirator (?!?) or a webcam.