Today I noticed something strange in the access report of this site. In the error codes list I found error 411.
Since I haven’t seen this error code before, I googled on internet for some more information.
The official RFC 2616 says the following: The server refuses to accept the request without a defined Content-Length. The client MAY repeat the request if it adds a valid Content-Length header field containing the length of the message-body in the request message.
It appears that a server is returning code 411 when a client (=browser) tries to send data to the server without specifying the size of the data. Normally a client only receives data from the server (reading pages), and all common modern browsers are programmed in such a way that they include the data length when sending data.
Therefore I suspected that somebody with a home-grown application had tried to mess with my site.
I did a quick grep in my Apache log files and found out that somebody had accessed the file mt-xmlrpc.cgi with an application that identified itself as Java/1.4.1_01
.
This file is a XML-RPC interface to Movable Type, allowing other applications to interact with MT, for example to publish entries on this site from a special desktop client.
Since I am the only responsible for this site, nobody but me has any reason to use this file. This visitor also triggered my Spam trap, and was already blocked from my system, but if not, his badly programmed application did ring the alarm bell.