[plug] 150.70.84.43
Niffum
bulkniffum at iinet.net.au
Sun Jan 11 18:38:02 WST 2009
A few days ago I was bored so i figured it would be a nice waste of
time to go through my webserver log's... and i found that a
particular IP address had been hammering what would appear to be
random sites on my webserver.
A typical log entry would be something like:
150.70.84.43 - - [11/Jan/2009:18:26:28 +0900] "GET
/cacti/graph_image.php?local_graph_id=368&rra_id=0&view_type=tree&graph_start=1231579396&graph_end=1231665796
HTTP/1.0" 404 91 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
I have been monitoring this IP address for a little while now and I
have noticed something very odd. I open up Firefox and go to my
local webserver. I open my cacti web pages and have a look at the
pretty graphs. I then walk away and do something random. When i
come back, there is an entry in the apache access log which is
exactly the same as the one I was looking at.
I thought maybe it was some kind of google bot which was getting its
information from the referer that firefox was sending out so i
permanently set that to www.fbi.gov, but that made no difference.
This has been happening, for over a year apparently.
I'm not even sure what to google. Has any one seen this kind of thing before?
More information about the plug
mailing list