[svlug] new type of spam?

Florin Andrei florin at andrei.myip.org
Wed Mar 5 23:34:58 PST 2003


On Wed, 2003-03-05 at 22:05, Todd Lyons wrote:
> 
> Florin Andrei wanted us to know:
> >63.229.64.130 - - [02/Mar/2003:08:36:11 -0800] "GET / HTTP/1.0" 200 928
> >"http://www.sex-teen-pic.com/" "Mozilla/4.0 (compatible; MSIE 5.01;
> >Windows 98)"
> 
> Dollars to donuts, you have proxying enabled in apache and don't limit
> it to IP's or domains, with the end result that you are an open proxy
> and those guys are using your proxy.

nope :-)

[root at weiqi root]# cat /etc/httpd/conf/httpd.conf | grep proxy
#LoadModule proxy_module       modules/libproxy.so
#AddModule mod_proxy.c
# document that was negotiated on the basis of content. This asks proxy
# enable the proxy server:
#<IfModule mod_proxy.c>
#    <Directory proxy:*>
# End of proxy directives.
[root at weiqi root]#

It must be what Walter said, some sort of a spider or something. Yet i
still don't quite understand why anyone would advertise through the
Referer field.

Oh, wait...
1. "They" use Google to find out unprotected Webalizer pages
2. "They" send their funky spider all over the coresponding websites
3. After a while, _their_ website shows up in Webalizer
4. After yet another while, their ranking on Google is cranked up a bit
due to links to their sites from webalizer statistics
5. Profit!

I must password-protect my webalizer...

-- 
Florin Andrei

http://florin.myip.org/




More information about the svlug mailing list