Educause Security Discussion mailing list archives
Re: Help on Possible Web Mail Attack
From: stanislav shalunov <shalunov () INTERNET2 EDU>
Date: Thu, 16 Jun 2005 09:42:03 -0400
Tim Lane <tlane () SCU EDU AU> writes:
[16/Jun/2005:10:11:01 +1000] boson httpd[8402]: General Warning: ipsecurity - client 10.133.25.9 attempted to use session 6FmTS7qLDiU belonging to 64.233.172.2
Is it possible that Google spidered your site, then someone local (on 10/8) used Google, found the link Google spidered, and followed it? This would seem to be quite a natural explanation. It might make sense to disable spidering of the dynamic part of the webmail site (but not the home page or any static help or about pages) with robots.txt (see http://www.robotstxt.org/wc/norobots-rfc.html for a description of the format). -- Stanislav Shalunov http://www.internet2.edu/~shalunov/ This message is designed to be viewed in boustrophedon.
Current thread:
- Help on Possible Web Mail Attack Tim Lane (Jun 15)
- <Possible follow-ups>
- Re: Help on Possible Web Mail Attack stanislav shalunov (Jun 16)
- Re: Help on Possible Web Mail Attack Graham Toal (Jun 16)
- Re: Help on Possible Web Mail Attack Tim Lane (Jun 16)