Re: Got 'em. (was "Re: gw.ocg-corp.com")

[Hugo van der Kooij <hvdkooij () vanderkooij org>]

On Mon, 13 May 2002, Jay D. Dyson wrote:

> --[PinePGP]--------------------------------------------------[begin]--
> On Mon, 13 May 2002, Chip McClure wrote:
>
> > I don't have any luck finding out any info on ocg-corp.com either. :(
> > I've got a few of the hits in my webserver logs, the same as you. My
> > guess, someone's spoofing the reverse dns on it. Kinda sounds like
> > someone is doing some very hard spidering on your site.
>
>       My experiment paid off.  I figured the spider would goof at some
> point and cough up the IP address and I was happy to find this was true.

hostresolving in apache is not recommended (understatement!!).

>       From there, it was all over but the shouting...
>
> $ nslookup 209.126.176.3
> Server:  localhost
> Address:  127.0.0.1
>
> Name:    gw.ocg-corp.com
> Address:  209.126.176.3
>
>       And there we have the culprit.  Who wants to throw the clue mallet
> at 'em?  ;)

I have send a full log to the owner of the IP range according to the 
available WHOIS information. I suggest you do so as well if you are 
annoyed by this conduct.

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com