[thesite] Re: [Admin] Is somebody trawling the thelist for addresses?
Daniel J. Cody
djc at starkmedia.com
Mon Aug 6 12:11:06 CDT 2001
actually, this email address is in your php article seb, which is
probably where they got it from (cus it's in clear text)
i've noticed a bit more spam in the last 6 months too.. 2 weeks ago i
put a little something on weo's robots.txt file:
Disallow: /user/
Disallow: /email-addresses/
disallowing /user/ should be obvious. /email-addresses/ is not a
directory, but i wanted to see what(if any) 'bad' spiders were not
following the rules of our robots.txt file and going to a directory
where they'd been told not to..
so far, i haven't seen anything try to access that directory. in fact,
the agent ID on every client that has accessed /user in the past 7 days
reveals nothing too crazy in terms of wacky bots(one exception being
http://www.relevare.com/main.html )
one thing that *DOES* stand out is when i run the following command on
the access log:
[root at weo httpd]# grep /user/ weo.access.log | awk '{print $1 $12 $13 $14}' | grep Wget | sort -n | uniq
that searches for /user/ in weo.access.log then prints out the 1st,
12th-14th fields in that recordset. then from that recordset it searches
for Wget, sorts them, and returns uniq entries (no duplicates) (unix rules
btw :)
here is the output from that:
nothing there too crazy, except the last couple come from
eli.net (electric lightwave, an isp apparently) and a couple @home addys
at the front.
wget is a mass downloader type application.. some use it to get a site
for offline browsing, others to rip entire websites.
anyways, maybe we should block clients that return Wget* in their agent
string and see if that helps at all?
.djc.
(copying thesite FYI)
seb wrote:
> Hi guys,
>
> I just got the following spam sent to php_tutor at sebpotter.org
>
> Now, this isn't an unusual occurrence, except for the fact that I've only
> used this email address once, ever, in a post to thelist.
>
> Has some scuzbucket been trawling the archives and harvesting addresses,
> or is this worse, and somebody has actually signed a bot up to thelist
> to do some real spamage?
>
> Seb.
>
>
>
>
> -------- Original Message --------
> From: - Mon Aug 06 12:11:19 2001
> X-UIDL: <280.154157.868423 at aol.com>
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Return-Path: <bighooters at aol.com>
> Received: from mail-out.namezero.com (mail-out.namezero.com
> [216.34.13.235]) by leo.evolt.org (8.11.4/8.11.1) with ESMTP id
> f765Vs020718 for <seb at admin.evolt.org>; Mon, 6 Aug 2001 00:31:54 -0500
> EvoltDate: Mon Aug 6 00:31:54 2001
> EvoltDate1: 200108060531
> Received: from bronze.backend.namezero.com ([10.0.0.4] helo=bronze) by
> mail-out.namezero.com with esmtp (Exim 3.30 #1) id 15Td1M-0001Lo-00 for
> seb at admin.evolt.org; Sun, 05 Aug 2001 22:33:44 -0700
> Received: from femail21.sdc1.sfba.home.com (HELO
> femail21.sdc1.sfba.home.com) (femail21.sdc1.sfba.home.com/24.0.95.146)
> by bronze with SMTP; Sun, 5 Aug 2001 22:33:57 -0700 (PDT) Apparently
> from: bighooters at aol.com On behalf of: php_tutor at sebpotter.org
> Received: from yahoo.com ([24.18.196.149]) by
> femail21.sdc1.sfba.home.com (InterMail vM.4.01.03.20
> 201-229-121-120-20010223) with SMTP id
> <20010806053355.FEIO3213.femail21.sdc1.sfba.home.com at yahoo.com> for
> <php_tutor at sebpotter.org>; Sun, 5 Aug 2001 22:33:55 -0700
> From: <bighooters at aol.com>
> To: php_tutor at sebpotter.org
> Subject: Bmw Newsletter
> Date: Mon, 6 Aug 2001 01:33:58
> Message-Id: <280.154157.868423 at aol.com>
> Reply-To: BmwTuner2001 at yahoo.com
> Mime-Version: 1.0
> Content-Type: text/html; charset="us-ascii"
> X-NZ-Hop-Count: 1
>
> *_ Sign up for Free BMW Newsletter_*
>
> Here's your chance to *Join* the BMW newsletter solely dedicated to
> enhancing Your *BMW* .
> *_Learn more about :_*
>
> * How to improve handling on your BMW
> * Increase acceleration
> * New lighting upgrades
> * How to improve braking
> * Tips on maintaining and caring for your Investment
>
> Why miss out on a great opportunity? Subscribe for free by sending an
> email with the subject header * subscribe to BMW Newsletter *to
> BMWtuner2001 at yahoo.com <mailto:BMWtuner2001 at yahoo.com>
>
>
>
> if you care not to receive anymore solicitations, send an email to
> removeBMWtuner at yahoo.com <mailto:removeBMWtuner at yahoo.com>
>
> /*Ac Schnitzer 3 series*/
>
>
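The robots.txt trap and the access-log check described in the message above, as an added example that is not part of the original post: it splits each log line on double quotes so multi-word agent strings stay whole, and it flags clients by what they requested rather than by the agent string, which the client chooses. The function name `flag_clients`, the sample log lines, their IP addresses and the `ExampleBot` agent are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. All log data is constructed:
# the IPs are documentation-range addresses and ExampleBot is a made-up agent.
WORK=$(mktemp -d)
ROBOTS_FILE=$WORK/robots.txt
LOG_FILE=$WORK/access.log
# The two Disallow lines from the message; /email-addresses/ is the trap.
cat > "$ROBOTS_FILE" <<'EOF'
User-agent: *
Disallow: /user/
Disallow: /email-addresses/
EOF

# Constructed Apache combined-format access log.
cat > "$LOG_FILE" <<'EOF'
192.0.2.10 - - [06/Aug/2001:10:00:01 -0500] "GET /robots.txt HTTP/1.0" 200 58 "-" "Wget/1.6"
192.0.2.10 - - [06/Aug/2001:10:00:02 -0500] "GET /user/42 HTTP/1.0" 200 5120 "-" "Wget/1.6"
198.51.100.7 - - [06/Aug/2001:10:05:00 -0500] "GET /email-addresses/ HTTP/1.0" 404 210 "-" "Mozilla/4.0 (compatible; ExampleBot 1.0)"
203.0.113.5 - - [06/Aug/2001:10:06:00 -0500] "GET /index.html HTTP/1.0" 200 900 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"
203.0.113.5 - - [06/Aug/2001:10:07:00 -0500] "GET /user/7 HTTP/1.0" 200 4000 "http://example.org/" "Mozilla/4.0 (compatible; MSIE 5.5)"
EOF

# flag_clients ROBOTS LOG TRAP: print "ip<TAB>reason<TAB>agent" once per
# client and reason, for requests to paths that robots.txt disallows.
flag_clients() {
  awk -F'"' -v trappath="$3" '
    # First file (robots.txt): collect the Disallow path prefixes.
    NR == FNR {
      split($0, kv, /:[ \t]*/)
      if (tolower(kv[1]) == "disallow" && kv[2] != "") deny[kv[2]] = 1
      next
    }
    # Second file (log), split on double quotes: $2 request line, $6 agent.
    {
      split($1, head, " "); ip = head[1]
      split($2, req, " "); path = req[2]
      if (path == "/robots.txt") { read_rules[ip] = 1; next }
      for (p in deny) {
        if (index(path, p) != 1) continue
        if (p == trappath) why = "trap"                    # nothing links here
        else if (ip in read_rules) why = "ignored-robots"  # saw the rules
        else continue                                      # e.g. a browser
        if (!seen[ip, why]++) print ip "\t" why "\t" $6
      }
    }
  ' "$1" "$2"
}

flag_clients "$ROBOTS_FILE" "$LOG_FILE" /email-addresses/
```

A browser that reaches /user/ by following a link is not reported, because it never fetched robots.txt; any request for the trap path is reported regardless of agent.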