Date: Mon, 24 May 1999 10:45:57 +0000 From: Joao Assad <jfassad@domain.com.br> To: freebsd-security@FreeBSD.ORG Subject: Re: Denial of service attack from "imagelock.com" Message-ID: <37492DE5.2822267@domain.com.br> References: <199905231424140440.0E81E3D5@quaggy.ursine.com> <4.2.0.37.19990523191423.04639500@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass wrote:
> At 06:11 PM 5/23/99 -0700, David Babler wrote:
>
> >hey get it, and ignore it. They're just sucking up all files they see,
> >since, as I said, I have webpoison installed. Webpoison is intended to
> >befuddle brain-dead spam address harvesters by generating an infinite
> >number of "interesting" pseudo-random web pages containing what look like
> >more links (more webpoison pages) and email addresses (all bogus). The
> >links on the page are invisible to humans and included in the robots.txt
> >file, so legitimate robots never should go there. Our imagelock.com
> >friends spent a LONG time there.
>
> Dave, could you write the people at noc@above.net and abuse@above.net
> and tell them that? Ignoring the robots.txt file amounts to unauthorized
> access -- big time. That's serious Web abuse.
>
> The Webmasters on this list may want to look over their logs to see
> if they've been hit and not known it. grep your logs for imagelock.com;
> if you find that they're abusing your server, you may want to firewall
> them out and complain to ABOVE.NET.
Damn they scanned all my servers, I didnt check before because I though they
wouldnt be interested in a .br server.... Seems like they got here coming
through
our tucows mirror and once they got in our network they started scanning all
our
servers.
In my logs I see a 10 secs interval between each request.
Cheers
Joao Assad
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37492DE5.2822267>