weirdness
2006-09-08 21:26:19.054231+02 by
Dan Lyke
5 comments
Anyone have a clue why 208.53.147.137 would be trying to load the various highest database resource and bandwidth using pages from my server with assorted different client specs (i.e., quite a few claims of different versions of Mozilla with various different plug-ins, although always "Windows NT 5.1", several claims of Opera), and no referrer?
[ related topics:
Microsoft Open Source Databases
]
comments in descending chronological order (reverse):
#Comment Time to add some redirects... made: 2006-09-12 02:26:39.560693+02 by:
nkane
Redirect any request from that IP range to goatse or something similar.
#Comment Re: made: 2006-09-09 04:18:46.044644+02 by:
meuon
Something called 'Assista' has a website at several of the IPs above. They don't seem to be hitting my server from that block of addresses. Want some of their codebase? /scripts and other dirs are wide open for playing with..
And for more of a clue as to what they are up to, http://search.assista.com is a glimpse.
Seems they are trying to come up with a better search interface.
I've broken it a few times already, the sentence/word completion code is basic AJAX. They don't know what a 'meuon' is, yet. :)
They call it a 'subject search engine'.
#Comment Re: made: 2006-09-09 01:53:10.795546+02 by:
Dan Lyke
I've run a tail -f on my logs and left it running in a side window, and seen some interesting stuff. Like...
209.85.54.131 - - [08/Sep/2006:16:50:44 -0700] "GET /archives/comments/8208.html HTTP/1.1" 200 4010 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
209.85.54.145 - - [08/Sep/2006:16:50:44 -0700] "GET /archives/comments/8208.html HTTP/1.1" 200 4010 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
209.85.54.143 - - [08/Sep/2006:16:50:44 -0700] "GET /archives/comments/8208.html HTTP/1.1" 200 4010 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
209.85.54.130 - - [08/Sep/2006:16:50:44 -0700] "GET /archives/comments/8208.html HTTP/1.1" 200 4010 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
209.85.54.134 - - [08/Sep/2006:16:50:44 -0700] "GET /archives/comments/8208.html HTTP/1.1" 200 4010 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
209.85.54.136 - - [08/Sep/2006:16:50:44 -0700] "GET /archives/comments/8208.html HTTP/1.1" 200 4010 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
209.85.54.144 - - [08/Sep/2006:16:50:44 -0700] "GET /archives/comments/8208.html HTTP/1.1" 200 4010 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
209.85.54.143 - - [08/Sep/2006:16:50:46 -0700] "GET /archives/comments/8208.html HTTP/1.1" 200 4010 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
209.85.54.137 - - [08/Sep/2006:16:50:46 -0700] "GET /archives/comments/8208.html HTTP/1.1" 200 4010 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
9 simultaneous requests for the same document from separate IPs. WTF, hey?
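Added example, not part of the original thread: one way to flag the pattern in the comment above (several addresses in one /24 fetching the same page within seconds, same user agent, no referrer) from an Apache combined-format log. The function names, the thresholds and the 192.0.2.10 control line are assumptions; the other sample lines are rebuilt from the excerpt posted above.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Apache "combined" format: ip ident user [time] "request" status bytes "referrer" "agent"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None  # skip lines that are not in combined format
    ip, ts, path, ref, ua = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, ref, ua

def find_bursts(lines, window=5, min_ips=5):
    """Report (subnet, path, agent) groups where at least min_ips distinct
    addresses in one /24 fetched the same path, with no referrer, inside a
    sliding window of `window` seconds."""
    groups = defaultdict(list)
    for ip, when, path, ref, ua in filter(None, map(parse, lines)):
        if ref not in ("", "-"):
            continue  # a referrer suggests a followed link, not a direct fetch
        net = str(ip_network(ip + "/24", strict=False))
        groups[(net, path, ua)].append((when, ip))
    bursts = []
    for (net, path, ua), recs in groups.items():
        recs.sort()
        best, hits, start = set(), 0, 0
        for end in range(len(recs)):
            while (recs[end][0] - recs[start][0]).total_seconds() > window:
                start += 1
            ips = {ip for _, ip in recs[start:end + 1]}
            if len(ips) >= len(best):  # keep the widest window seen
                best, hits = ips, end - start + 1
        if len(best) >= min_ips:
            bursts.append({"net": net, "path": path, "agent": ua, "ips": sorted(best), "hits": hits})
    return bursts

# Sample rebuilt from the log excerpt above (last octets and seconds as posted),
# plus one constructed control line from 192.0.2.10 that carries a referrer.
UA = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
TMPL = '{ip} - - [08/Sep/2006:16:50:{s} -0700] "GET /archives/comments/8208.html HTTP/1.1" 200 4010 "{r}" "{ua}"'
HITS = [(131, 44), (145, 44), (143, 44), (130, 44), (134, 44), (136, 44), (144, 44), (143, 46), (137, 46)]
SAMPLE = [TMPL.format(ip=f"209.85.54.{o}", s=s, r="-", ua=UA) for o, s in HITS]
SAMPLE.append(TMPL.format(ip="192.0.2.10", s=45, r="http://example.com/", ua=UA))

if __name__ == "__main__":
    for burst in find_bursts(SAMPLE):
        print(burst)
```

Grouping by /24 rather than by single address is what catches this case: no one address in the excerpt made more than two requests.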
#Comment Re: made: 2006-09-08 22:26:37.992479+02 by:
flushy
It looks like a company's firewall. Maybe their own spider? Or an intelligent web cache solution that's gone not-so-intelligent?
%rwhois V-1.5:003eff:00 rwhois.fdcservers.net (by Network Solutions, Inc. V-1.5.9.4)
network:Auth-Area:208.53.128.0/18
network:Class-Name:network
network:OrgName:PIXELFXSOLUTION
network:OrgID;I:PIXELFXSOLUTION
network:Address:96 Blandford Road
network:City:Beckenham
network:NetRange:208.53.147.0 - 208.53.147.255
network:CIDR:208.53.147.0/24
network:NetName:PIXELFXSOLUTION-208.53.147.0
network:OrgAbuseHandle:ABUSE-PIXELFXSOLUTION
network:OrgAbuseName:ABUSE department
network:OrgAbuseEmail:sales@pixelfxsolution.com
network:OrgNOCHandle:NOC1402-ARIN
network:OrgNOCName:Network Operations Center
network:OrgNOCPhone:+1-312-913-9304
network:OrgNOCEmail:support@fdcservers.net
network:OrgTechHandle:PKR5-ARIN
network:OrgTechName:Petr Kral
network:OrgTechPhone:+1-312-933-1046
network:OrgTechEmail:petr@fdcservers.net
network:RegDate:20060727
network:Updated:20060727
#Comment Re: made: 2006-09-08 21:52:54.235647+02 by:
meuon
It's apparently a misconfigured, hacked or evil boxen at FDC Servers.
It could be a proxy, bloggerspam or other funky server stealing all your wonderful content to go on its advert-driven, search-index-manipulating clone site, or to be included into e-mails linking to viagra/porn sites.