Welcome to WebmasterWorld Guest from

Forum Moderators: buckworks & webwork

Message Too Old, No Replies

Forged domains from bogus spiders

How easy is it to fake the reverse lookup?



4:18 am on May 16, 2002 (gmt 0)

How easy is it for a bogus spider to forge the reverse-resolve lookup results?

I understand that if you have an IP number of A.B.C.D, it gets reverse-resolved by asking some server about D.C.B.A.in-addr.arpa

That's just about the extent of my knowledge. I do know that you can get a forged domain name back (by "forged" I mean that the doman is not registered with the root name servers).

I'm wondering because I'm interested in how bogus spiders are able to fly under the radar. They seem to be able to change their reverse lookup, so that if your httpd logs show reverse-resolved domains, you often don't notice that more than one domain is coming from the same exact IP number. And typically, these bots are polite, and they request robots.txt frequently, even though they may ignore it.

You can get pretty far crawling the web with such a bogus bot, because most webmasters won't notice.

Do you have to involve your upstream provider to feed out bogus reverse-resolves? I'm assuming you have zero need for a real domain name, because you don't have a website, and no one has cause to even use your domain. The whole point is to shift around some bogus domains so that you show up in logs under various disguises, for those who log domains instead of IP numbers.


6:52 am on May 16, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Yes, it is very easy to rename a reverse for an IP. You will need control over the arpa reverse. But if you have DNS control you offen have the control to reverse as well.

Featured Threads

Hot Threads This Week

Hot Threads This Month