Re: Got 'em. (was "Re:")

From: Hugo van der Kooij (hvdkooijat_private)
Date: Mon May 13 2002 - 15:57:47 PDT

  • Next message: Stephen Samuel: "Nimda type attacks with broken GETs"

    On Mon, 13 May 2002, Jay D. Dyson wrote:
    > --[PinePGP]--------------------------------------------------[begin]--
    > On Mon, 13 May 2002, Chip McClure wrote:
    > > I don't have any luck finding out any info on either. :(
    > > I've got a few of the hits in my webserver logs, the same as you. My
    > > guess, someone's spoofing the reverse dns on it. Kinda sounds like
    > > someone is doing some very hard spidering on your site.
    > 	My experiment paid off.  I figured the spider would goof at some
    > point and cough up the IP address and I was happy to find this was true.
    hostresolving in apache is not recommended (understatement!!).
    > 	From there, it was all over but the shouting...
    > $ nslookup
    > Server:  localhost
    > Address:
    > Name:
    > Address:
    > 	And there we have the culprit.  Who wants to throw the clue mallet
    > at 'em?  ;)
    I have send a full log to the owner of the IP range according to the 
    available WHOIS information. I suggest you do so as well if you are 
    annoyed by this conduct.
    All email send to me is bound to the rules described on my homepage.
    	    Don't meddle in the affairs of sysadmins,
    	    for they are subtle and quick to anger.
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Mon May 13 2002 - 16:04:47 PDT