[thesite] Re: [Admin] Is somebody trawling the thelist for addresses?

Daniel J. Cody djc at starkmedia.com
Mon Aug 6 12:11:06 CDT 2001


actually, this email address is in your php article seb, which is 
probably where they got it from (cus it's in clear text)

i've noticed a bit more spam in the last 6 months too.. 2 weeks ago i 
put a little something on weo's robots.txt file:

Disallow: /user/
Disallow: /email-addresses/

disallowing /user/ should be obvious. /email-addresses/ is not a 
directory, but i wanted to see what(if any) 'bad' spiders were not 
following the rules of our robots.txt file and going to a directory 
where they'd been told not to..

so far, i haven't seen anything try to access that directory. in fact, 
the agent ID on every client that has accessed /user in the past 7 days 
reveals nothing too crazy in terms of wacky bots(one exception being 
http://www.relevare.com/main.html )

one thing that *DOES* stand out is when i run the following command on 
the access log:
[root at weo httpd]# grep /user/ weo.access.log | awk '{print $1 $12 $13 $14}' | grep Wget | sort -n | uniq

that searches for /user/ in weo.access.log then prints out the 1st, 
12th-14th fields in that recordset. then from that recordset it searches 
for Wget, sorts them, and returns uniq entries (no duplicates) (unix rules 
btw :)

here is the output from that:


nothing there too crazy, except the last couple come from 
eli.net (electric lightwave, an isp apparently) and a couple @home addys 
at the front.

wget is a mass downloader type application.. some use it to get a site 
for offline browsing, others to rip entire websites.

anyways, maybe we should block clients that return Wget* in their agent 
string and see if that helps at all?

.djc.
(copying thesite FYI)

seb wrote:
> Hi guys,
> 
> I just got the following spam sent to php_tutor at sebpotter.org
> 
> Now, this isn't an unusual occurrence, except for the fact that I've only 
> used this email address once, ever, in a post to thelist.
> 
> Has some scuzbucket been trawling the archives and harvesting addresses, 
> or is this worse, and somebody has actually signed a bot up to thelist 
> to do some real spamage?
> 
> Seb.
> 
> 
> 
> 
> -------- Original Message --------
> From: - Mon Aug 06 12:11:19 2001
> X-UIDL: <280.154157.868423 at aol.com>
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Return-Path: <bighooters at aol.com>
> Received: from mail-out.namezero.com (mail-out.namezero.com 
> [216.34.13.235]) by leo.evolt.org (8.11.4/8.11.1) with ESMTP id 
> f765Vs020718 for <seb at admin.evolt.org>; Mon, 6 Aug 2001 00:31:54 -0500
> EvoltDate: Mon Aug 6 00:31:54 2001
> EvoltDate1: 200108060531
> Received: from bronze.backend.namezero.com ([10.0.0.4] helo=bronze) by 
> mail-out.namezero.com with esmtp (Exim 3.30 #1) id 15Td1M-0001Lo-00 for 
> seb at admin.evolt.org; Sun, 05 Aug 2001 22:33:44 -0700
> Received: from femail21.sdc1.sfba.home.com (HELO 
> femail21.sdc1.sfba.home.com) (femail21.sdc1.sfba.home.com/24.0.95.146) 
> by bronze with SMTP; Sun, 5 Aug 2001 22:33:57 -0700 (PDT) Apparently 
> from: bighooters at aol.com On behalf of: php_tutor at sebpotter.org
> Received: from yahoo.com ([24.18.196.149]) by 
> femail21.sdc1.sfba.home.com (InterMail vM.4.01.03.20 
> 201-229-121-120-20010223) with SMTP id 
> <20010806053355.FEIO3213.femail21.sdc1.sfba.home.com at yahoo.com> for 
> <php_tutor at sebpotter.org>; Sun, 5 Aug 2001 22:33:55 -0700
> From: <bighooters at aol.com>
> To: php_tutor at sebpotter.org
> Subject: Bmw Newsletter
> Date: Mon, 6 Aug 2001 01:33:58
> Message-Id: <280.154157.868423 at aol.com>
> Reply-To: BmwTuner2001 at yahoo.com
> Mime-Version: 1.0
> Content-Type: text/html; charset="us-ascii"
> X-NZ-Hop-Count: 1
> 
> 
> 
> 
> 
> *_Sign up for Free BMW Newsletter_*
> 
> Here's your chance to *Join* the BMW newsletter solely dedicated to 
> enhancing Your *BMW*.
> *_Learn more about:_*
> 
>    * How to improve handling on your BMW
>    * Increase acceleration
>    * New lighting upgrades
>    * How to improve braking
>    * Tips on maintaining and caring for your Investment
> 
> Why miss out on a great opportunity? Subscribe for free by sending an 
> email with the subject header *subscribe to BMW Newsletter* to 
> BMWtuner2001 at yahoo.com <mailto:BMWtuner2001 at yahoo.com>
> 
> if you care not to receive anymore solicitations, send an email to 
> removeBMWtuner at yahoo.com <mailto:removeBMWtuner at yahoo.com>
> 
> <cid:part1.04030206.03040700 at netscape.com>
> /*Ac Schnitzer 3 series*/
> 
> 
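
Added example, not part of the original post: a sketch of the two log checks the message describes, listing the clients behind /user/ requests and spotting any client that requests the robots.txt decoy path /email-addresses/. It assumes Apache "combined" log format; the function names, the log lines, the IPs (documentation ranges) and the ExampleBot agent are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Apache "combined" log format.
# All log lines below are constructed; IPs are documentation ranges.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [06/Aug/2001:10:00:01 -0500] "GET /robots.txt HTTP/1.0" 200 68 "-" "Wget/1.6"
192.0.2.10 - - [06/Aug/2001:10:00:02 -0500] "GET /user/42 HTTP/1.0" 200 5120 "-" "Wget/1.6"
198.51.100.7 - - [06/Aug/2001:10:05:00 -0500] "GET /email-addresses/ HTTP/1.0" 404 210 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
198.51.100.7 - - [06/Aug/2001:10:05:01 -0500] "GET /user/7 HTTP/1.0" 200 4096 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
203.0.113.5 - - [06/Aug/2001:10:06:00 -0500] "GET /user/9 HTTP/1.0" 200 4096 "http://example.org/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
203.0.113.9 - - [06/Aug/2001:10:07:00 -0500] "GET /index.html HTTP/1.0" 200 900 "-" "Wget/1.6"
203.0.113.77 - - [06/Aug/2001:10:08:00 -0500] "GET /robots.txt HTTP/1.0" 200 68 "-" "ExampleBot/0.1"
203.0.113.77 - - [06/Aug/2001:10:08:01 -0500] "GET /email-addresses/ HTTP/1.0" 404 210 "-" "ExampleBot/0.1"
EOF
}

# Splitting on double quotes keeps a multi-word User-Agent in one field ($6),
# which whitespace fields ($12 $13 $14) cannot guarantee.

# Print "ip<TAB>agent" once per client that requested a path under prefix $1.
clients_for_prefix() {
    awk -F'"' -v pfx="$1" '
        { split($1, a, " "); split($2, r, " ") }  # a[1]=client IP, r[2]=path
        index(r[2], pfx) == 1 { print a[1] "\t" $6 }
    ' | sort -u
}

# Print "ip<TAB>read-robots|no-robots<TAB>agent" for each client that requested
# the decoy path $1, noting whether it had fetched /robots.txt beforehand.
trap_hits() {
    awk -F'"' -v trap="$1" '
        { split($1, a, " "); split($2, r, " "); ip = a[1] }
        r[2] == "/robots.txt" { seen[ip] = 1 }
        index(r[2], trap) == 1 && !(ip in hit) {
            hit[ip] = 1
            print ip "\t" ((ip in seen) ? "read-robots" : "no-robots") "\t" $6
        }
    '
}

echo "Clients requesting /user/:";         sample_log | clients_for_prefix /user/
echo "Clients requesting the decoy path:"; sample_log | trap_hits /email-addresses/
```

A "read-robots" hit means the client fetched robots.txt and then went to the disallowed decoy anyway, which is a stronger signal than a user-agent match, since the agent string is chosen by the client.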





