Spam my blog and I report your site to Google for banning. You've been warned!
« Complained to the FTC | Main | I found the proxy app »
January 17, 2005
An open proxy log
I just acquired the log from an open proxy that's been shut down by now (thanks, you know who you are!).
I located the accesses to my log, and they were originating (as far as THAT log goes) from
69.50.166.18
69.50.166.18-custblock.intercage.com
Atrivo's netblock, what do you know.
I did a strain for mt-comments, and these are the IP numbers I found, starting as early as December 12. He's going full blast here until December 15, then nothing until January 11 (that's when the log stops):
66.225.229.193
69.50.170.162
69.50.166.18
69.50.170.122
I also did a search for google by itself, but couldn't use the results. Too many banners and ads. Some people have used this server to defraud the big companies, INCLUDING Google!
But once I strained all that out, I found some interesting results.
I also got some google searches
In January:
inurl:mt-comments.cgi motility
inurl:mt-comments.cgi laudatory
I also found lots of searches in January for powered by. And the software searched for was:
b2evolution
serendipity
pmachine
bmachine
atlassian
boastmachine
drupal
In December:
powered by pmachine throughout caper
powered by bmachine conirostral (no hits)
powered by drupal talon
powered by pmachine redeless (no hits)
I also found loads of searches for domain names spammed by this machine.
I think he's also going for wikis. Found a search for the Tiki CMS.
He has this special search strategy I haven't seen before. It returns rank!
I can't duplicate the searches with other URL's, because there's some sort of code inserted there, and if I try, I get a 403 forbidden page from Google. But rank is displayed like this:
Rank_1:1:3
(Update: This site does something similar: http://www.googlerankings.com/ )
And that's all there is on the page.
The domains searched for by 69.50.170.122 (69-50-170-122.esthost.com) on January 10 and 11 are registered to several different contacts:
e-leave
Yukkii (yukkikunikkennen@yahoo.com)
3 Connell Dr.
Berkeley Heights
NY,07922
US
Tel. +1.9082342243
Pinging 69.50.163.37, and it seems to be a machine with primary dns the same as the domain name I checked. Responsible person according to the zone is: r5h132@yahoo.com. That address was created the same day that domain name was purchased, or the day after, depending on international time zones etc. Yahoo goes by GMT. Ip block: Atrivo
On January 11, this spammer goes on to search for specific websites he doesn't own.
Posted by Ann at January 17, 2005 12:56 PM
Trackback Pings
TrackBack URL for this entry:
http://www.annelisabeth.com/blog/mt-tb.cgi/94
Listed below are links to weblogs that reference An open proxy log:
» Referrer Spam Attack from How Now, Brownpau?
Referrer Spam. For myself and for anyone curious about my inbound traffic, my installation of Refer is public, but hidden from search engines by a... [Read More]
Tracked on January 18, 2005 12:21 AM
Comments
Posted by: Anonymous at January 17, 2005 12:56 PM