On Tuesday 09 August 2005 01:12 pm, Adam Gaffin wrote:
You might want to check your server logs to see if you're getting unusually high numbers of requests for your site banner or some other graphic. For awhile, I had some pay-per-click fraud scammer in China downloading my site banner tens of thousands of times a day, along with seeming requests for URLs nowhere on my site. If so, there's some code you can put in .htaccess that will only allow graphics to be downloaded via URLs specifically on your site (this will also block any forum "hotlinkers" you might have).
I also see regular requests for files such as proxy.cgi, which I assume is from some script kiddie looking to play.
Hm, nope, nothing for image files. What I'm seeing is log lines like this:
211.157.35.46 - - [29/Jul/2005:00:08:00 -0400] "GET http://partners.mygeek.com/search.jsp?partnerid=98851&ip=64.112.57.89&am... HTTP/1.1" 404 4223 "http://www.buycoolproducts.com" "Mozilla/5.0 (compatible; Windows NT 5.0; MSIE 5.5;)"
Repeated ad nausem. The query part of the URL varies, but the domain is almost always the same. Even when it's not, it's still the same IP. The referring site varies, too, but like above is always something that looks like a spam domain.
Naturally, my site is not mygeek.com. :-)
It doesn't seem like a hack attack, since I don't see how it would hit any security hole to request a domain that is not me. That's why I'm wondering if whoever runs mygeek.com (or a few other domains that keep showing up) just has a misconfigured DNS.