I've been seeing Web addresses during my apache server logs which are clearly intended for another site. The most typical one which I see is Facebook, but I have also seen Tumblr and YouTube. I'm trying to puzzle out how that may happen. Here's one particular request which was drenched on my small server (I removed the remote Ip):
[IP Redacted] - - [21/Sep/2011:13:31:35 +0000] "POST /ajax/chat/buddy_list.php?__a=1 HTTP/1.1" 404 797 "http://www.facebook.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_1) AppleWebKit/534.48.3 (KHTML, like Gecko)"
This appears like someone was on facebook.com, using Facebook chat, and for reasons uknown the publish got delivered to my server. Does anybody know based on how this might happen, or the way i may go about looking into it further?
So far as I understand, when posting a hyperlink on Facebook for your site, Facebook will generally attempt to acquire some information (page title, article title, some text, perhaps a photo) in the link. I suspect that that's what is happening here.
You will find a myriad of script kids that use your apache server like a proxy. I'm not sure associated with a weaknesses about this, but results associated with which i found also on my small logs. You shouldn't be worried about them.
My prediction could be "automated 'hacking' scripts blindly trying everything and anything within their toolbox" - much like this question. In case your server handles the demands properly (i.e. returns a suitable error page, and does not forward them), you ought to be out of the woods.
Look at your hosts file if any visitors are being directed or this may be the referer from the website they last accustomed to achieve your server.
Also they may be making use of your server like a proxy to get into blocked websites since the visitors are dealing with you. I am searching at again also it appears you're obstructing Facebook since the 404?
EDIT: You could attempt obstructing common websites out of your server while using hosts file to ensure they are piss off.