Yvan Seth's Hole in the Internet

Further Internetual randomness courtesy of Yvan Seth, parsnip wrangler.
/Entries/Technology/Security/ <rss>
◄Previous Next►

Referrer Spam? Hah Hah

Sun 2007-02-11 23:50

Something's playing with me... 

       Client IP                                       GET URL     REFERRER STRING
 --------------- --------------------------------------------- -------------------
   66.49.223.233                                     /2006/12/ http://www.rxtq.com
    70.87.208.34                         /Entries/Tech/General http://www.jyor.com
 216.185.128.200               /Entries/Tech/General/index.rss http://www.jyor.com
 216.185.128.200 /Entries/Tech/General/Referrer_Spam_Worm.html http://www.jyor.com
 216.185.128.200                         /Entries/Tech/General http://www.nucx.com
    70.87.208.34               /Entries/Tech/General/index.rss http://www.nucx.com
    70.87.208.34 /Entries/Tech/General/Referrer_Spam_Worm.html http://www.nucx.com
   66.49.223.233                         /Entries/Tech/General http://www.cjrz.com
    70.87.208.34               /Entries/Tech/General/index.rss http://www.cjrz.com
     74.208.16.4 /Entries/Tech/General/Referrer_Spam_Worm.html http://www.cjrz.com
     74.208.16.4                         /Entries/Tech/General http://www.qwye.com
   66.49.223.233               /Entries/Tech/General/index.rss http://www.qwye.com
     74.208.16.4 /Entries/Tech/General/Referrer_Spam_Worm.html http://www.qwye.com
     74.208.16.4                         /Entries/Tech/General http://www.kzby.com
   66.49.223.233               /Entries/Tech/General/index.rss http://www.kzby.com
    70.87.208.34 /Entries/Tech/General/Referrer_Spam_Worm.html http://www.kzby.com
 216.185.128.200               /Entries/Tech/General/index.rss http://www.ovqk.com
    70.87.208.34 /Entries/Tech/General/Referrer_Spam_Worm.html http://www.ovqk.com
 216.185.128.200               /Entries/Tech/General/index.rss http://www.bgxr.com
    70.87.208.34 /Entries/Tech/General/Referrer_Spam_Worm.html http://www.bgxr.com

This started earlier this month and coincidentally it's hitting a post about a potential referrer spam worm. Targeted silly-buggers or chance? Chance I'd guess — possibly thanks to an amusing search string choice? The user-agent is "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" in all cases.

Note that visiting those IPs hits CPanel entrances in two instances but just default/dead account pages in the other cases. I'm guessing these are owned server systems - or just host XSSed junkcode of some sort.

I guess I'd better report them.

In other news I was horribly sick last week (well, about as sick as I ever get: head feeling like a sack of wet cats had taken up residence, throat like I'd been swallowing crushed glass and all-over body pain rubber-hose style). Also, we now have a 27U rack in the study. And I thought my days of living with racks had ended with EvilHouse (domain name now seemingly defunct - I guess we've all left those "evil" days behind us then).

*sigh* So it'll be good to get back on track with some work tomorrow, things are moving again.

No Responses

trackback
Name:
Email: (You must register an email address!)
Url: (optional)
Title: (optional)
Response:
All HTML will be escaped. Paragraphs and new-lines are honoured and you can use *word* for bold and _word_ for underline.
Save my Name, URL, and Email for next time
/Entries/Technology/Security/Referrer Spam? Hah Hah
◄Previous Next►
© 2005-2009 Yvan Seth — EMail Yvan | XHTML 1.0 Strict | Add to GoogleSubscribe with Bloglines | Creative Commons License

Twitter Litter

    follow me on Twitter

    Recent Entries

    Categories

    Badgers

    Protecting your bits. Open Rights Group