[drupal-support] Problem (hacker attempt to access FrontPage extensions--and then some)
Larry Garfield
larry at garfieldtech.com
Tue Aug 9 18:40:47 UTC 2005
On Tuesday 09 August 2005 01:12 pm, Adam Gaffin wrote:
> You might want to check your server logs to see if you're getting unusually
> high numbers of requests for your site banner or some other graphic. For
> awhile, I had some pay-per-click fraud scammer in China downloading my site
> banner tens of thousands of times a day, along with seeming requests for
> URLs nowhere on my site. If so, there's some code you can put in .htaccess
> that will only allow graphics to be downloaded via URLs specifically on
> your site (this will also block any forum "hotlinkers" you might have).
>
> I also see regular requests for files such as proxy.cgi, which I assume is
> from some script kiddie looking to play.
Hm, nope, nothing for image files. What I'm seeing is log lines like this:
211.157.35.46 - - [29/Jul/2005:00:08:00 -0400] "GET http://partners.mygeek.com/search.jsp?partnerid=98851&ip=64.112.57.89&query=skateboarding HTTP/1.1" 404 4223 "http://www.buycoolproducts.com" "Mozilla/5.0 (compatible; Windows NT 5.0; MSIE 5.5;)"
Repeated ad nauseam. The query part of the URL varies, but the domain is
almost always the same. Even when it's not, it's still the same IP. The
referring site varies, too, but like above is always something that looks
like a spam domain.
Naturally, my site is not mygeek.com. :-)
It doesn't seem like a hack attack, since I don't see how it would hit any
security hole to request a domain that is not me. That's why I'm wondering
if whoever runs mygeek.com (or a few other domains that keep showing up) just
has a misconfigured DNS.
--
Larry Garfield AIM: LOLG42
larry at garfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
Jefferson
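The pattern in the log line quoted above, a request line that names a full URL on another host, can be pulled out of an Apache combined-format access log and grouped by client IP. This is an added example, not part of the original message; `OWN_HOSTS`, the function names and every sample line after the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def foreign_host(target, own_hosts):
    """Host named in an absolute-form request target if it is not ours, else None."""
    if not target.lower().startswith(("http://", "https://")):
        return None  # ordinary origin-form request such as /node/1
    host = (urlsplit(target).hostname or "").lower()
    return host if host and host not in own_hosts else None

def summarize(lines, own_hosts):
    """Group requests for other hosts by client IP: count, hosts, referers, statuses."""
    own = {h.lower() for h in own_hosts}
    report = defaultdict(
        lambda: {"count": 0, "hosts": set(), "referers": set(), "statuses": set()}
    )
    for line in lines:
        m = LINE_RE.match(line.strip())
        host = foreign_host(m["target"], own) if m else None
        if host is None:
            continue  # unparsable line, or a request for our own site
        entry = report[m["ip"]]
        entry["count"] += 1
        entry["hosts"].add(host)
        entry["referers"].add(m["referer"])
        entry["statuses"].add(int(m["status"]))
    return dict(report)

OWN_HOSTS = {"www.example.org", "example.org"}  # assumption: the site's own names
# First entry is the line quoted in the message; the others are constructed samples.
SAMPLE = [
    '211.157.35.46 - - [29/Jul/2005:00:08:00 -0400] "GET http://partners.mygeek.com/'
    'search.jsp?partnerid=98851&ip=64.112.57.89&query=skateboarding HTTP/1.1" 404 4223 '
    '"http://www.buycoolproducts.com" "Mozilla/5.0 (compatible; Windows NT 5.0; MSIE 5.5;)"',
    '211.157.35.46 - - [29/Jul/2005:00:08:03 -0400] "GET http://partners.mygeek.com/'
    'search.jsp?query=constructed HTTP/1.1" 404 4223 "http://spam.example" "Mozilla/5.0"',
    '192.0.2.10 - - [29/Jul/2005:00:09:00 -0400] "GET /node/1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [29/Jul/2005:00:09:05 -0400] "GET http://www.example.org/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
```

Calling `summarize(SAMPLE, OWN_HOSTS)` returns one entry per client IP that asked for a host other than the site's own; the `statuses` set shows whether the server answered such requests with an error or actually served them.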