Re: Strange server behavior.



On Tue, Dec 28, 2010 at 3:17 PM, <krymson@xxxxxxxxx> wrote:
Well, gosh, Paul, based on your last update with the URL/domain examples, I'd definitely see what is new in the code recently. This really looks like some sort of SEO/rank-influencing sort of behavior of some sort, or hit-generating scheme?

You might be able to submit some of those URLs to malware/site-scanning engines to see if they cry foul or cry about malware attempting to be submitted. Maybe (Maybe!!!) visit them using Firefox+NoScript and a non-Windows box (or throw-away box/VM) and see what is attempting to run. That may give clues as to what maybe wiggled its way into your site?

I don't recommend visiting such links in Windows or IE or a naked Firefox...be careful.


I found the problem. It looks like the GETS are being induced by Blog
page visits. Whatever is in the referrer component when the client
visits the blog page, the Web Server goes out and hits that same link:

125.162.242.240 - - [23/Dec/2010:02:10:31 -0400] "GET
http://www.myhost/blog.aspx HTTP/1.1" - -
"http://www.gaydating.mygaycrowd.com/" "Mozilla/5.0 (Windows; U;
Windows NT 6.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"

myhost- - [23/Dec/2010:02:10:31 -0400] "GET
http://www.gaydating.mygaycrowd.com/ HTTP/1.1" - - "-" "-"

80.81.159.20 - - [23/Dec/2010:02:40:55 -0400] "GET
http://www.myhost/blog.aspx HTTP/1.0" - -
"http://www.gaydating.mygaycrowd.com/" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; en) Opera 8.50"

myhost - - [23/Dec/2010:02:40:55 -0400] "GET
http://www.gaydating.mygaycrowd.com/ HTTP/1.1" - - "-" "-"

187.17.22.6 - - [23/Dec/2010:00:00:40 -0400] "GET
http://www.myhost/blog.aspx HTTP/1.0" - -
"http://www.mystreetwearfashion.info" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; en) Opera 8.50"

myhost - - [23/Dec/2010:00:00:40 -0400] "GET
http://www.mystreetwearfashion.info/ HTTP/1.1" - - "-" "-"

A quick peek at those sources puts all of them on numerous blacklists.
Botnet SEO :). What's interesting is the page requests from the clients
are random; they aren't hitting the same blog, or blog entries.
The owners of the box tell me that the software is BlogEngine.NET
1.5.07 and that there are no known bugs. Whether this is true or not
is another story.

Thanks for the suggestions everyone.
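
The correlation described in the message above (a client request carrying a Referer, followed by the server itself fetching that same URL) can be checked across a whole log. This is an added example, not part of the original post; the sample log lines, the placeholder hosts, the 5-second window and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the log lines quoted in the post.
# Hosts are placeholders; "myhost" is the web server itself.
SAMPLE_LOG = """\
198.51.100.7 - - [23/Dec/2010:02:10:31 -0400] "GET http://www.myhost/blog.aspx HTTP/1.1" - - "http://spam-one.example/" "Mozilla/5.0"
myhost - - [23/Dec/2010:02:10:31 -0400] "GET http://spam-one.example/ HTTP/1.1" - - "-" "-"
203.0.113.9 - - [23/Dec/2010:02:40:55 -0400] "GET http://www.myhost/blog.aspx HTTP/1.0" - - "http://spam-two.example" "Mozilla/4.0"
myhost - - [23/Dec/2010:02:40:55 -0400] "GET http://spam-two.example/ HTTP/1.1" - - "-" "-"
192.0.2.44 - - [23/Dec/2010:03:00:00 -0400] "GET http://www.myhost/about.aspx HTTP/1.1" - - "-" "Mozilla/5.0"
myhost - - [23/Dec/2010:03:05:00 -0400] "GET http://updates.example/feed HTTP/1.1" - - "-" "-"
"""

# \s* after the source field tolerates the "myhost- -" spacing in one quoted line.
LINE_RE = re.compile(
    r'^(?P<src>\S+)\s*- - \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+) [^"]*" '
    r'\S+ \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def norm(url):
    """Compare URLs ignoring case and a trailing slash (the post shows both forms)."""
    return url.strip().lower().rstrip("/")

def find_referer_fetches(log_text, server_name="myhost", window=5):
    """Return (client, referer, timestamp) for each inbound request whose
    Referer the server itself fetched within `window` seconds afterwards."""
    inbound, outbound = [], defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected layout
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["src"] == server_name:
            outbound[norm(m["url"])].append(ts)       # fetch made by the server
        elif m["referer"] not in ("", "-"):
            inbound.append((m["src"], m["referer"], m["ts"], ts))
    hits = []
    for client, referer, raw_ts, ts in inbound:
        fetches = outbound.get(norm(referer), [])
        if any(0 <= (out - ts).total_seconds() <= window for out in fetches):
            hits.append((client, referer, raw_ts))
    return hits

if __name__ == "__main__":
    for client, referer, when in find_referer_fetches(SAMPLE_LOG):
        print(f"{when}  {client} induced a server fetch of {referer}")
```

Server-originated fetches that match no inbound Referer (the last sample line) are left out of the result, so what remains is only the referrer-induced traffic.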
