Referrer Spam? Hah Hah

Note: This entry has been restored from old archives.

Something’s playing with me…

       Client IP                                       GET URL     REFERRER STRING
 --------------- --------------------------------------------- -------------------                                     /2006/12/                         /Entries/Tech/General               /Entries/Tech/General/index.rss /Entries/Tech/General/Referrer_Spam_Worm.html                         /Entries/Tech/General               /Entries/Tech/General/index.rss /Entries/Tech/General/Referrer_Spam_Worm.html                         /Entries/Tech/General               /Entries/Tech/General/index.rss /Entries/Tech/General/Referrer_Spam_Worm.html                         /Entries/Tech/General               /Entries/Tech/General/index.rss /Entries/Tech/General/Referrer_Spam_Worm.html                         /Entries/Tech/General               /Entries/Tech/General/index.rss /Entries/Tech/General/Referrer_Spam_Worm.html               /Entries/Tech/General/index.rss /Entries/Tech/General/Referrer_Spam_Worm.html               /Entries/Tech/General/index.rss /Entries/Tech/General/Referrer_Spam_Worm.html

This started earlier this month and coincidentally it’s hitting a post about a potential referrer spam worm. Targeted silly-buggers or chance? Chance I’d guess — possibly thanks to an amusing search string choice? The user-agent is “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)” in all cases.

Note that visiting those IPs hits CPanel entrances in two instances but just default/dead account pages in the other cases. I’m guessing these are owned server systems – or just host XSSed junkcode of some sort.

I guess I’d better report them.

In other news I was horribly sick last week (well, about as sick as I ever get: head feeling like a sack of wet cats had taken up residence, throat like I’d been swallowing crushed glass and all-over body pain rubber-hose style). Also, we now have a 27U rack in the study. And I thought my days of living with racks had ended with EvilHouse (domain name now seemingly defunct – I guess we’ve all left those “evil” days behind us then).

*sigh* So it’ll be good to get back on track with some work tomorrow, things are moving again.