Educause Security Discussion mailing list archives

Re: Help on Possible Web Mail Attack

From: stanislav shalunov <shalunov () INTERNET2 EDU>
Date: Thu, 16 Jun 2005 09:42:03 -0400

Tim Lane <tlane () SCU EDU AU> writes:

[16/Jun/2005:10:11:01 +1000] boson httpd[8402]: General Warning: ipsecurity
- client 10.133.25.9 attempted to use session 6FmTS7qLDiU belonging to
64.233.172.2


Is it possible that Google spidered your site, then someone local (on
10/8) used Google, found the link Google spidered, and followed it?
This would seem to be quite a natural explanation.  It might make
sense to disable spidering of the dynamic part of the webmail site
(but not the home page or any static help or about pages) with
robots.txt (see http://www.robotstxt.org/wc/norobots-rfc.html for a
description of the format).

--
Stanislav Shalunov              http://www.internet2.edu/~shalunov/

This message is designed to be viewed in boustrophedon.

Current thread:

Help on Possible Web Mail Attack Tim Lane (Jun 15)
- <Possible follow-ups>
- Re: Help on Possible Web Mail Attack stanislav shalunov (Jun 16)
- Re: Help on Possible Web Mail Attack Graham Toal (Jun 16)
- Re: Help on Possible Web Mail Attack Tim Lane (Jun 16)