Educause Security Discussion mailing list archives

Re: Help on Possible Web Mail Attack


From: Tim Lane <tlane () SCU EDU AU>
Date: Fri, 17 Jun 2005 09:32:15 +1000

Stan,

Thanks for your reply.  We have linked the problem to Google Accelerator,
so a robots.txt file will help us out with this.

Cheers,

Tim


At 11:42 PM 16/06/2005, you wrote:
> Tim Lane <tlane () SCU EDU AU> writes:
>
> > [16/Jun/2005:10:11:01 +1000] boson httpd[8402]: General Warning: ipsecurity
> > - client 10.133.25.9 attempted to use session 6FmTS7qLDiU belonging to
> > 64.233.172.2
>
> Is it possible that Google spidered your site, then someone local (on
> 10/8) used Google, found the link Google spidered, and followed it?
> This would seem to be quite a natural explanation.  It might make
> sense to disable spidering of the dynamic part of the webmail site
> (but not the home page or any static help or about pages) with
> robots.txt (see http://www.robotstxt.org/wc/norobots-rfc.html for a
> description of the format).
>
> --
> Stanislav Shalunov              http://www.internet2.edu/~shalunov/
>
> This message is designed to be viewed in boustrophedon.

Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

02 6620 3290    02 6620 3033    tlane () scu edu au
http://www.scu.edu.au
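
An added example, not part of either message above: a Python sketch that groups the ipsecurity warnings by session to show when one externally created session ID is being replayed by internal clients, then checks that a robots.txt rule keeps crawlers out of the dynamic webmail paths while leaving the home and help pages crawlable. The first log line is the one quoted in the thread; the other log lines, the /webmail/session/ path and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# First line is the warning quoted in the thread; the other two are constructed samples.
LOG = """\
[16/Jun/2005:10:11:01 +1000] boson httpd[8402]: General Warning: ipsecurity - client 10.133.25.9 attempted to use session 6FmTS7qLDiU belonging to 64.233.172.2
[16/Jun/2005:10:12:40 +1000] boson httpd[8402]: General Warning: ipsecurity - client 10.133.30.14 attempted to use session 6FmTS7qLDiU belonging to 64.233.172.2
[16/Jun/2005:10:15:02 +1000] boson httpd[8410]: General Warning: ipsecurity - client 10.133.25.9 attempted to use session Zq81xLmP0aE belonging to 10.133.40.7
"""

WARNING = re.compile(
    r"ipsecurity\s+-\s+client (?P<client>\S+) attempted to use session "
    r"(?P<session>\S+) belonging to (?P<owner>\S+)"
)

def mismatches(log_text):
    """Map (session, owner IP) -> set of client IPs that tried to reuse it."""
    groups = defaultdict(set)
    for m in WARNING.finditer(log_text):
        groups[(m["session"], m["owner"])].add(m["client"])
    return dict(groups)

def externally_owned(groups):
    """Sessions whose owner is a non-private address: the pattern expected when
    a crawler or proxy fetched a URL that carries the session ID."""
    return sorted(
        session for (session, owner) in groups
        if not ipaddress.ip_address(owner).is_private
    )

# Hypothetical robots.txt: /webmail/session/ stands in for the dynamic part of the site.
ROBOTS = """\
User-agent: *
Disallow: /webmail/session/
"""

def crawl_allowed(path, robots_text=ROBOTS, agent="*"):
    """Return True if a robots.txt-honouring crawler may fetch the path."""
    rp = RobotFileParser()
    rp.parse(robots_text.splitlines())
    return rp.can_fetch(agent, path)

if __name__ == "__main__":
    print("externally owned sessions:", externally_owned(mismatches(LOG)))
    for p in ("/", "/help/about.html", "/webmail/session/6FmTS7qLDiU/inbox"):
        print(p, "crawlable" if crawl_allowed(p) else "blocked")
```

robots.txt only restrains clients that choose to honour it, so the log check remains useful after the rule is deployed.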
