Netriplex

Forum Moderators: open

Message Too Old, No Replies

Netriplex

keyplyr

1:38 pm on Dec 9, 2011 (gmt 0)

rDNS: none
UA: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)
robots.txt: no

Appending "trackback" to root. Anyone know why?

EXAMPLE: GET www.example.com/trackback

Netriplex colo
66.219.16.0 - 66.219.31.255
66.219.16.0/20

Also, anyone know of anything good in this range?

Pfui

10:05 pm on Dec 9, 2011 (gmt 0)

1.) What was the specific IP, please? (Alternatively, a link to its PHP page?)

2.) Was there a fake referrer?

I ask because I've only seen numerous fake /trackback URI 'appendages' from compromised machines in routinely iffy countries (e.g., Romania), ostensibly using different UAs. Typically the format is:

URI: /dir/filename.html/trackback
REF: /dir/filename.html/

There are also singles, like this (seen many, many times from the long-403'd ubiquityservers.com / ubiquity.io):

URI: /filename.html/trackback
REF: (none)

Thus I figured /trackback was just another exploit gone slightly awry, thus clueing me in to 403 the URI: trackback

keyplyr

12:34 am on Dec 10, 2011 (gmt 0)

66.219.25.239

no referrer

The only other *frequent* visitor I get from that range is:
MLBot (www.metadatalabs.com/mlbot) MLBot

Which gets booted on other parameters.

I figured /trackback was just another exploit gone slightly awry, thus clueing me in to 403 the URI: trackback

That's what I was thinking. However, banned the colo range by principal.

wilderness

1:13 am on Dec 10, 2011 (gmt 0)

banned the colo range by principal.

You may also add the 32-63 Class C on the same principal ;)

keyplyr

1:33 am on Dec 10, 2011 (gmt 0)

You may also add the 32-63 Class C on the same principal ;)

Thanks I didn't have the Corenap range.

Netriplex

keyplyr

Pfui

keyplyr

wilderness

keyplyr

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week