No-doubt naive question

Forum Moderators: phranque

Message Too Old, No Replies

No-doubt naive question

(Please excuse -- I'd love to know more about this stuff, but I don't)

Don Markstein

3:04 am on Mar 8, 2003 (gmt 0)

My (rather primitive) log analysis notes a very odd item in the category "Top ... URLs By KBytes". It says the URL "[mydomain.com]/src/right_main.php" has had 247 hits so far in March, through which it has transferred no less than 7140 kilobytes of data.

There is no such URL on my site. Attempting to go there confirms the fact -- I get a message saying the URL doesn't exist. Nor have I ever noticed it in the logs before.

So -- how could it have transferred seven megs? And to whom?

I'd ask if anyone can offer a guess as to what's going on, but for all I know, this is something perfectly normal, and the only reason it seems odd to me is that I don't know enough about webmastering to understand it.

So my question is -- can anyone tell me where these hits and this data transfer are coming from? Or have I truly encountered something weird?

Thanks.

takagi

8:55 pm on Mar 8, 2003 (gmt 0)

Do you use some mail software like SquirrelMail?

Don Markstein

9:54 pm on Mar 8, 2003 (gmt 0)

As a matter of fact, my host switched to SquirrelMail just a month or two ago. Is that it?

Another question, possibly related: By the nature of my site, I get a fair number of questions from strangers, which I generally try to reply to in a reasonably timely manner (tho if things get busy I'm not a fanatic about it). Three times since the switch, a reply has bounced back, with a claim that the replyee's ISP won't accept anything from my domain because of alleged spam originating from it.

I've never spammed anyone in my life. I'm not too worried about this because after all, I'm just doing a free favor for a stranger, and so what if their ISP is too finnicky to let me communicate with them? (I use another address for most business, so I have no trouble reaching the people I actually have to deal with.)

Still, an unjust accusation is an unjust accusation. Like I said, this has happened only since the switch to SquirrelMail.

(By the way, in all three cases, the ISP involved was something called Road Runner, at rr.com. Is it just that they've run amuck on the subject of security or something?)

Thanks for the reply, takagi, and for any other info you or anyone else can supply.

carfac

5:29 am on Mar 9, 2003 (gmt 0)

Hi Don:

Sorry, I cannot help you too much here (but I think it sounds like you need to do your mail elsewhere!0

I do know that I get REGULAR hacking attempts from geeks at Road Runner. Sure, I know the ISP cannot help that, but RR does sure seem to have more of them!

Good Luck!

dave

dingman

7:02 am on Mar 9, 2003 (gmt 0)

hacking attempts from geeks at Road Runner.

I don't notice RR as a particularly notable source in and of itself, but broadband internet providers in generall are the source of both most of the cracking attempts I get and most of the spam I get. As you said, not really the ISP's fault.

jamesa

7:36 am on Mar 9, 2003 (gmt 0)

Three times since the switch, a reply has bounced back, with a claim that the replyee's ISP won't accept anything from my domain because of alleged spam originating from it.

You are probably on a spam blacklist. The various blacklists list IPs and/or domain names that have been known for spamming (or open relays), and spam filtering agents will use these lists. There's at least one list that I'm aware of (SPEWS.org) that lists the entire net block that the offending IP is part of - so if someone in your netblock gets listed it affects you as well. I feel for you if this happened to you.