Date: Sun, 23 May 1999 18:56:30 -0700 From: Josef Grosch <jgrosch@ontario.mooseriver.com> To: David Babler <root@Rigel.orionsys.com> Cc: Michael Bryan <fbsd-security@ursine.com>, freebsd-security@FreeBSD.ORG Subject: Re: Denial of service attack from "imagelock.com" Message-ID: <19990523185630.A57604@ontario.mooseriver.com> In-Reply-To: <Pine.BSF.4.05.9905231805480.770-100000@Rigel.orionsys.com>; from David Babler on Sun, May 23, 1999 at 06:11:28PM -0700 References: <199905231424140440.0E81E3D5@quaggy.ursine.com> <Pine.BSF.4.05.9905231805480.770-100000@Rigel.orionsys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 23, 1999 at 06:11:28PM -0700, David Babler wrote: > > > On Sun, 23 May 1999, Michael Bryan wrote: > > On 5/23/99 at 1:23 PM Brett Glass wrote: > > >I don't know whether or not this would help. But complaining to their > > >ISP probably would. > > > > Or to them directly... > > > > Some things I noted about their scans in our log files: > > > > 1) They -are- requesting a robots.txt file before every scan wave. > > Whether or not they utilize this, I cannot tell, as we don't have > > a robots.txt file in use at this time. > > They get it, and ignore it. They're just sucking up all files they see, > since, as I said, I have webpoison installed. Webpoison is intended to > befuddle brain-dead spam address harvesters by generating an infinite > number of "interesting" pseudo-random web pages containing what look like > more links (more webpoison pages) and email addresses (all bogus). The > links on the page are invisible to humans and included in the robots.txt > file, so legitimate robots never should go there. Our imagelock.com > friends spent a LONG time there. Where can one find webpoison? All the web servers I run, including my little test server on my home machine, have been scanned by imagelock.com. Josef -- Josef Grosch | Another day closer to a | FreeBSD 3.2 jgrosch@MooseRiver.com | Micro$oft free world | UNIX for the masses To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990523185630.A57604>