From owner-freebsd-security  Sun May 23 18:29:31 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
	by hub.freebsd.org (Postfix) with ESMTP id F315315021
	for <freebsd-security@FreeBSD.ORG>; Sun, 23 May 1999 18:29:27 -0700 (PDT)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
	by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id TAA28684;
	Sun, 23 May 1999 19:29:13 -0600 (MDT)
Message-Id: <4.2.0.37.19990523191423.04639500@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.37 (Beta)
Date: Sun, 23 May 1999 19:17:31 -0600
To: David Babler <root@Rigel.orionsys.com>,
	Michael Bryan <fbsd-security@ursine.com>
From: Brett Glass <brett@lariat.org>
Subject: Re: Denial of service attack from "imagelock.com"
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.4.05.9905231805480.770-100000@Rigel.orionsys.com>
References: <199905231424140440.0E81E3D5@quaggy.ursine.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 06:11 PM 5/23/99 -0700, David Babler wrote:

 >hey get it, and ignore it. They're just sucking up all files they see,
>since, as I said, I have webpoison installed. Webpoison is intended to
>befuddle brain-dead spam address harvesters by generating an infinite
>number of "interesting" pseudo-random web pages containing what look like
>more links (more webpoison pages) and email addresses (all bogus). The
>links on the page are invisible to humans and included in the robots.txt
>file, so legitimate robots never should go there. Our imagelock.com
>friends spent a LONG time there.

Dave, could you write the people at noc@above.net and abuse@above.net
and tell them that? Ignoring the robots.txt file amounts to unauthorized
access -- big time. That's serious Web abuse.

The Webmasters on this list may want to look over their logs to see
if they've been hit and not known it. grep your logs for imagelock.com;
if you find that they're abusing your server, you may want to firewall 
them out and complain to ABOVE.NET.

--Brett Glass



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message