Security Incidents mailing list archives

Banner riding

From: Mike Bush <mike () IEACCESS COM>
Date: Sat, 20 Jan 2001 11:47:32 -0600

From Nov 13 2000 to Jan 19 2001 almost 5500 unique ip/hosts attempted to use

my clients web servers for a proxy. The requests were denied. So why am I
sending this email? This web server was an open http proxy but was closed
almost 2 years ago. A closer look at the attempts shows most are to banner
companies. Does anyone have more information on this? Are they using some
client/script? If you own one of these IPs can you capture this thing for
me?

List of sorted unique hosts (only)
http://loghost.ieaccess.com/proxy.unique

Full logs (10MB uncompressed; ~800k compressed)
http://loghost.ieaccess.com/proxy.tar.gz

(tail -10)
[Fri Jan 19 18:45:52 2001] [error] [client 194.8.137.193] client denied by
server configuration:
proxy:http://www.topxxxchange.com/cgi-bin/xcshow.cgi?ac=hn2000&pg=10
[Fri Jan 19 18:46:14 2001] [error] [client 194.8.137.193] client denied by
server configuration:
proxy:http://bannerexchange.hot4you.de/hot4you/xcshow?schokopussies.04
[Fri Jan 19 18:50:19 2001] [error] [client 216.254.145.83] client denied by
server configuration: proxy:http://www.deny.de/cgi-bin/prxjdg.cgi
[Fri Jan 19 18:50:21 2001] [error] [client 216.254.145.83] client denied by
server configuration: proxy:http://www.deny.de/cgi-bin/prxjdg.cgi
[Fri Jan 19 18:50:57 2001] [error] [client 24.42.186.27] client denied by
server configuration:
proxy:http://www5.dimeclicks.com/cgi-bin/getimage.cgi/host?REGION=dimeclicks
[Fri Jan 19 18:59:36 2001] [error] [client 195.128.139.237] client denied by
server configuration: proxy:http://anime.sexhound.net/cyberporno/dollar1.gif
[Fri Jan 19 19:05:52 2001] [error] [client 217.80.71.137] client denied by
server configuration: proxy:http://ads.powershopping.de/120x60_hell_7.gif
[Fri Jan 19 19:13:42 2001] [error] [client 24.42.186.27] client denied by
server configuration:
proxy:http://www5.dimeclicks.com/cgi-bin/getimage.cgi/host?REGION=dimeclicks
[Fri Jan 19 19:25:38 2001] [error] [client 216.246.96.99] client denied by
server configuration:
proxy:http://develooper.com/pt.txt?kougars.kish.cc.il.us:80
[Fri Jan 19 19:37:48 2001] [error] [client 24.234.148.107] client denied by
server configuration:
proxy:http://www.modchip.com/clickcgi/click.cgi?gateway=dreamcastfun

Thanks for your time,
Mike Bush

Current thread:

Banner riding Mike Bush (Jan 22)
- Re: Banner riding Tribunal (Jan 23)