swisspig.net - To hell with the pig... I'm going to Switzerland.

Websense Hits (Monday, August 16, 2004)

Okay, so yes, I'm slacking off. Once school starts, I'll probably update more. But today's adventure has been sort of interesting, so I figured I'd write a quick update. For a while now, I've been noticing a bizarre series of hits in my logs from 66.194.6.2, 66.194.6.79, 66.194.6.83, and other hosts in the 66.194.6.0/24 subnet. The hits were suspicious because they were clearly machine generated, but didn't request robots.txt (or any other real file), but were rather looking for things that smelled of Windows security exploits. While I'm not susceptible to those sorts of things, it still adds entries to my logs that I have to track down. Rather than just blocking the whole subnet, I contacted Time Warner (abuse at twtelecom.net) to report the abuse.

So today, I got an e-mail from a security manager at Websense, explaining that his company has been generating these hits, trying to categorize my site by content (and looking for malicious content). It was very nice of him to contact me with an explanation. Nevertheless, I wrote him back explaining that I'd appreciate it if those hits would stop. We will see if they do. If not, at least I now know I can safely block that subnet at the firewall, if necessary.

When I first started looking into this, I did a Google search of the IP addresses in question, and found that they appear in lots of logs, but no one seems to have tracked it down. With any luck, the next time people are trying to figure out who is "hacking" their Web site, they'll find this page, and be able to respond in an appropriate way.

—Brian (8/16/2004 2:37 PM)
(0 comments)

Comments

No comments.

Name
URL
Comment
(no html)
 

Disclaimer: Opinions on this site are those of Brian Ziman and do not necessarily
reflect the views of any other organizations or businesses mentioned.