Date: Sun, 23 May 1999 21:08:52 -0600 (MDT) From: "Kenneth D. Merry" <ken@plutotech.com> To: jgrosch@MooseRiver.com Cc: root@Rigel.orionsys.com (David Babler), fbsd-security@ursine.com (Michael Bryan), freebsd-security@FreeBSD.ORG Subject: Re: Denial of service attack from "imagelock.com" Message-ID: <199905240308.VAA22141@panzer.plutotech.com> In-Reply-To: <19990523185630.A57604@ontario.mooseriver.com> from Josef Grosch at "May 23, 1999 06:56:30 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Josef Grosch wrote... > On Sun, May 23, 1999 at 06:11:28PM -0700, David Babler wrote: > > > > > > On Sun, 23 May 1999, Michael Bryan wrote: > > > On 5/23/99 at 1:23 PM Brett Glass wrote: > > > >I don't know whether or not this would help. But complaining to their > > > >ISP probably would. > > > > > > Or to them directly... > > > > > > Some things I noted about their scans in our log files: > > > > > > 1) They -are- requesting a robots.txt file before every scan wave. > > > Whether or not they utilize this, I cannot tell, as we don't have > > > a robots.txt file in use at this time. > > > > They get it, and ignore it. They're just sucking up all files they see, > > since, as I said, I have webpoison installed. Webpoison is intended to > > befuddle brain-dead spam address harvesters by generating an infinite > > number of "interesting" pseudo-random web pages containing what look like > > more links (more webpoison pages) and email addresses (all bogus). The > > links on the page are invisible to humans and included in the robots.txt > > file, so legitimate robots never should go there. Our imagelock.com > > friends spent a LONG time there. > > Where can one find webpoison? All the web servers I run, including my > little test server on my home machine, have been scanned by imagelock.com. I did a search on Yahoo and came up with what seems to be the home page: http://www.e-scrub.com/wpoison/ They've got some guidelines there for installing and using it. It looks quite interesting. I checked a web server I administer, and sure enough, it got hit by imagelock.com two days ago. I may just firewall them. :) Ken -- Kenneth Merry ken@plutotech.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905240308.VAA22141>