Interworx uses mod_watch with Apache for recording bandwidth usage as described here.
Today I was searching for some files and stumbled upon odd files within the /var/lib/mod_watch folder. Basically there are thousands of files in there of various domain names which are not mine.
This is on a server that I’ve used for a few years and am decommissioning within the next few days.
I’m curious, though, what all those thousands of files for various domain names are. Is it something to be concerned about? Is it some kind of referral spam of some sort?
I’ve thought about this since I read it, and I also checked our folder, which as you state, contain some domains not listed on our server, as well as some IP which I know are not ours.
I would personally think it is quiet safe to ignore, as I believe it is either referring domains used by the domain hosted on your server or connecting domains/IP. I need to think about that one a little more sorry.
As an example, for my thoughts, if say one of your hosts had a billing system, or a domain checker, etc… I would think it may show the domain in mod_watch, as it is using bandwidth to another server. Of course, I could be entirely wrong sorry.
I hope this helps
In case any interworx techs want to look into this issue in the future, I saved an ‘ls -a’ of the mod_watch folder. There were over 9,000 domain files in there. My guess is that it’s some kind of referral spam as all the domains look like referral spam that’s seen in apache access logs.