Niffum bulkniffum at iinet.net.au
Sun Jan 11 18:38:02 WST 2009

A few days ago I was bored so i figured it would be a nice waste of 
time to go through my webserver log's... and i found that a 
particular IP address had been hammering what would appear to be 
random sites on my webserver.

A typical log entry would be something like: - - [11/Jan/2009:18:26:28 +0900] "GET 
HTTP/1.0" 404 91 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

I have been monitoring this IP address for a little while now and I 
have noticed something very odd.  I open up Firefox and go to my 
local webserver.  I open my cacti web pages and have a look at the 
pretty graphs.  I then walk away and do something random.  When i 
come back, there is an entry in the apache access log which is 
exactly the same as the one I was looking at.

I thought maybe it was some kind of google bot which was getting its 
information from the referer that firefox was sending out so i 
permanently set that to www.fbi.gov, but that made no difference.

This has been happening, for over a year apparently.

I'm not even sure what to google.  Has any one seen this kind of thing before?

More information about the plug mailing list