Re: Got 'em. (was "Re: gw.ocg-corp.com")

From: Hugo van der Kooij (hvdkooijat_private)
Date: Mon May 13 2002 - 15:57:47 PDT


    On Mon, 13 May 2002, Jay D. Dyson wrote:
    
    > --[PinePGP]--------------------------------------------------[begin]--
    > On Mon, 13 May 2002, Chip McClure wrote:
    > 
    > > I don't have any luck finding out any info on ocg-corp.com either. :(
    > > I've got a few of the hits in my webserver logs, the same as you. My
    > > guess, someone's spoofing the reverse dns on it. Kinda sounds like
    > > someone is doing some very hard spidering on your site.
    > 
    > 	My experiment paid off.  I figured the spider would goof at some
    > point and cough up the IP address and I was happy to find this was true.
    
    Host resolving in Apache is not recommended (understatement!!).
    
    > 	From there, it was all over but the shouting...
    > 
    > $ nslookup 209.126.176.3
    > Server:  localhost
    > Address:  127.0.0.1
    > 
    > Name:    gw.ocg-corp.com
    > Address:  209.126.176.3
    > 
    > 	And there we have the culprit.  Who wants to throw the clue mallet
    > at 'em?  ;)
    
    I have sent a full log to the owner of the IP range according to the 
    available WHOIS information. I suggest you do so as well if you are 
    annoyed by this conduct.
    
    Hugo.
    
    -- 
    All email sent to me is bound to the rules described on my homepage.
        hvdkooijat_private		http://hvdkooij.xs4all.nl/
    	    Don't meddle in the affairs of sysadmins,
    	    for they are subtle and quick to anger.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
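
The thread touches on two things: a reverse-DNS name in a web log may be whatever the owner of the address block chose to publish, and resolving names inside the web server is discouraged. An added example (not from any poster in this thread) of the usual alternative: log raw IPs (Apache's `HostnameLookups Off`) and run a forward-confirmed reverse DNS check afterwards. The addresses, names and log lines below are constructed, and the resolver functions are injectable so the check can be exercised offline.

```python
import socket

def _ptr_lookup(ip):
    """Reverse (PTR) lookup via the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def _forward_lookup(name):
    """Every address the name resolves to; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def fcrdns(ip, ptr=_ptr_lookup, forward=_forward_lookup):
    """Classify the PTR name for ip: confirmed only if the name maps back to ip."""
    name = ptr(ip)
    if not name:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    if ip in forward(name):
        return ("confirmed", name)
    # The PTR record is controlled by whoever holds the address block,
    # so an unconfirmed name is a claim, not an identity.
    return ("unconfirmed", name)

def annotate(log_lines, ptr=_ptr_lookup, forward=_forward_lookup):
    """Resolve each distinct client IP once, after the fact, off the web server."""
    cache, out = {}, []
    for line in log_lines:
        ip = line.split(" ", 1)[0]  # first field is the raw IP when lookups are off
        if ip not in cache:
            cache[ip] = fcrdns(ip, ptr, forward)
        out.append((ip,) + cache[ip])
    return out

# Constructed sample data (documentation address ranges, hypothetical names).
SAMPLE_PTR = {"192.0.2.10": "crawler.example.net.", "198.51.100.7": "gw.example.org"}
SAMPLE_FWD = {"crawler.example.net": {"192.0.2.10"}, "gw.example.org": {"203.0.113.9"}}
SAMPLE_LOG = [
    '192.0.2.10 - - [13/May/2002:15:00:01 -0700] "GET / HTTP/1.0" 200 512',
    '198.51.100.7 - - [13/May/2002:15:00:02 -0700] "GET /a HTTP/1.0" 200 100',
    '203.0.113.50 - - [13/May/2002:15:00:03 -0700] "GET /b HTTP/1.0" 404 0',
    '198.51.100.7 - - [13/May/2002:15:00:04 -0700] "GET /c HTTP/1.0" 200 100',
]

def sample_forward(name):
    return SAMPLE_FWD.get(name, set())
```

Calling `annotate(log_lines)` with the default resolvers performs live lookups; pass `SAMPLE_PTR.get` and `sample_forward` to reproduce the constructed case.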
    


