A 'guest' In My Access Logs

[Etanisla]

Reading my access logs for etanisla.com, I came across the following five lines:

 

168.75.177.2 - guest [08/Jul/2004:16:45:11 -0500]"GET / HTTP/1.1" 200 931 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

168.75.177.2 - - [08/Jul/2004:16:45:12 -0500] "GET /banned/ HTTP/1.1" 200 26363 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

168.75.177.2 - - [08/Jul/2004:16:45:12 -0500] "GET /Contact/WhoMe.html HTTP/1.1" 200 936 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

168.75.177.2 - guest [08/Jul/2004:16:45:12 -0500] "GET /gb.phtml HTTP/1.1" 200 1772 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

168.75.177.2 - guest [08/Jul/2004:16:45:12 -0500] "GET /BK/BK.phtml HTTP/1.1" 200 1524 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

 

The 'guest' in lines 1, 4, & 5, would that not be a physical guest to the system? Or is someone trying to sneak in?

 

(Yes, I'm paranoid about my sites.)

 

I am five hot seconds away from IP-banning the whole Class C block. But I thought I'd bounce this off wiser heads first.

[MikeJ]

That value generally displays an HTTP authenticated user. Is any part of your site htpasswd protected?

[Etanisla]

Yes, but none of those pages are.

 

I do have a directory that is htpasswd protected, but it is not linked to from the site itself.

[MikeJ]

If they authenticate to that directory, I believe they'll carry that authentication even if they visit non-protected pages.

[Etanisla]

Maybe it is my paranoia talking, but the protected directory hasn't been loaded in months, it certainly wasn't loaded today, and I had changed the passwords for the four users long before today.

 

So no one should have been able to access that directory, much less have a valid authentication to carry over.

 

But, I am also a complete newbie to htpasswd usage, using only the tools in cPanel.

 

So, if it is nothing to worry about, tell me and I'll go back to sleep...