Hi, At the linux counter we noticed that the webserver logs get a large number of hits with a referrer setting to porn sites. This seems to be the latest in the SPAM techniques. (See also: http://www.wired.com/news/culture/0,1284,56017,00.html) Doing some digging myself it seem the request are made by genuine webbrowsers being lured into muddy watters somehow. IP adddresses that show up much do have a variaty of user-agent types and a telnet to port 8080 seems to indicate it is just a proxy. Does anyone know how the request are actually generated? Is it a backdoor installed via tools like kazaa? Or is it a matter of pop-up windows on these porn-sites? (So we just get hit by di...... ;-) Any clues on what techniques are used and how they can be stopped are appreciated. Hugo. -- All email sent to me is bound to the rules described on my homepage. hvdkooijat_private http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Oct 28 2002 - 15:15:14 PST