Educause Security Discussion mailing list archives
Re: Help on Possible Web Mail Attack
From: Tim Lane <tlane () SCU EDU AU>
Date: Fri, 17 Jun 2005 09:32:15 +1000
Stan, thanks for your reply. We have linked the problem to Google Accelerator, so a robotstext file will help us out with this. Cheers, Tim At 11:42 PM 16/06/2005, you wrote:
Tim Lane <tlane () SCU EDU AU> writes: > [16/Jun/2005:10:11:01 +1000] boson httpd[8402]: General Warning: ipsecurity > - client 10.133.25.9 attempted to use session 6FmTS7qLDiU belonging to > 64.233.172.2 Is it possible that Google spidered your site, then someone local (on 10/8) used Google, found the link Google spidered, and followed it? This would seem to be quite a natural explanation. It might make sense to disable spidering of the dynamic part of the webmail site (but not the home page or any static help or about pages) with robots.txt (see http://www.robotstxt.org/wc/norobots-rfc.html for a description of the format). -- Stanislav Shalunov http://www.internet2.edu/~shalunov/ This message is designed to be viewed in boustrophedon.
Tim Lane Information Security Program Manager Information Technology and Telecommunication Services Southern Cross University PO Box 157 Lismore NSW 2480 (02 6620 3290 7 02 6620 3033 - tlane () scu edu au 8 http://www.scu.edu.au
Current thread:
- Help on Possible Web Mail Attack Tim Lane (Jun 15)
- <Possible follow-ups>
- Re: Help on Possible Web Mail Attack stanislav shalunov (Jun 16)
- Re: Help on Possible Web Mail Attack Graham Toal (Jun 16)
- Re: Help on Possible Web Mail Attack Tim Lane (Jun 16)