I use php scripts when there are errors (like 400,404,403,etc), to email me and advise of what is being attempted.
I noticed on a 400 error, the ‘from’ and ‘to’ didn’t contain my domain name, but another domain name. This is some of the code I use …
$http_host = $_SERVER["HTTP_HOST"];
$http_host = str_replace("www.", "", $http_host);
$from = "From: webmaster@" . $http_host . "\\r\
";
$to = "From: webmaster@" . $http_host . "\\r\
";
The var $http_host had the other domain name there. Fortunately, the email bounced back, so I became aware of the problem. Here is the web access logs entry
94.102.51.246 - - [23/Feb/2013:16:17:49 +1100] “GET http://24x7-allrequestsallowed.com/?PHPSESSID=7jy745aa00143SRWJWS_FA%40FQN HTTP/1.1” 400 2815 “-” “Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0”
It seems $_SERVER[“HTTP_HOST”] was evaluated to ‘24x7-allrequestsallowed.com’
I’m mystified how this was parsed as a URL, but more uneasy that $_SERVER[“HTTP_HOST”] wasn’t set to the ‘proper’ domain name.
J