Distributed referer log spamming?
I always look at my web server logs, I find the various log spammers, bots and RSS readers really interesting. About a week ago I noticed a lot of log spamming all in a short period of time and thought something must be going on but waited till it happened again.
Today again I got 5 log spam attempts in a very short interval from different IP addresses. As this is the 2nd time this happens I can only imagine this is 5 machines that is acting in a coordinated fashion.
64.69.172.9 - - [16/Apr/2004:15:29:46 +0100] "GET / HTTP/1.0" 200 32759 "http://www.nudecelebblogs.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
201.128.123.11 - - [16/Apr/2004:15:33:09 +0100] "GET / HTTP/1.0" 200 32759 "http://paris-hilton-video.blogspot.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
212.163.30.100 - - [16/Apr/2004:15:34:15 +0100] "GET / HTTP/1.0" 200 32759 "http://www.shatteredreality.net" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
217.219.165.3 - - [16/Apr/2004:15:34:46 +0100] "GET / HTTP/1.1" 200 32861 "http://britneyspearsnude.blogspot.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
80.58.35.46 - - [16/Apr/2004:15:37:23 +0100] "GET / HTTP/1.0" 200 32759 "http://www.amateurxpass.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
The IP addresses are in US, MX, ES, IR and ES and interestingly enough have exactly the same user agent. 2 of the machines are running mail servers and may also be NAT/Masquarading machines I am guessing.
Eitherway, I think someone is controlling a bunch of bot machines and using them to spam logs. I wonder if I contact the hosting companies of these sites if they will shut them down?
About R.I. Pienaar
Systems Administrator, Consultant, Linux Guy, Automator, Ruby CoderLinks
- @ripienaar
- Flashpolicyd
- Flickr
- London DevOps Group
- MCollective Plugins
- R.I.Pienaar
- Ruby PDNS
- The Marionette Collective
- Wiki
Tweets
- Blog Post: New release of my Puppet Concat tool with 0.24.8+ support http://bit.ly/aA9RYh #puppet
- French village went insane after CIA spiked its bread with LSD http://bit.ly/9r2307
- It's ironic how you cannot send email with google charts api images to gmail users and expect it to work. way to go.
- Google charting API really is very sexy
- High Scalability: Saying Yes to NoSQL; Going Steady with Cassandra at Digg http://bit.ly/9Kli5f
- Caffiene infused. 2am to bed day before delivering the last talk of the day is not recommended
- Once again discovering that something as simple as correct MX and NS records is a very effective CAPTCHA to weed out idiot hosting companies
- I love the E4 ipad ripoff ad http://srt.ly/epad
- RT @garnaat: The only accurate model of the system is the system itself. All other representations are a compromise. <- what he said
- Parallels announces support for Google Chrome Operating System http://bit.ly/aCXXCJ
Reading
Planned books:
- The Science of Fear: How the Culture of Fear Manipulates Your Brain by Daniel Gardner
- Relentless by Dean Koontz
- Mind Over Ship by David Marusek
- The New Space Opera by Gardner Dozois
- The New Space Opera 2 by Gardner Dozois, Jonathan Strahan
Current books:
-
Ariel: A Book of the Change by Steven R. Boyett
Recent books:
- Hacking Vim: A Cookbook to Get the Most Out of the Latest Vim Editor by Kim Schulz
- Beautiful Architecture: Leading Thinkers Reveal the Hidden Beauty in Software Design by Diomidis Spinellis , Georgios Gousios
Categories
Archives
Licence
