DVR Chatter

Discussing the DCT-6412, Home Theater Devices, Entertainment, Celebrity and the Cable Industry. Not affiliated with any Cable Company, Hardware Manufacturer or Software Developer.




#1 04-08-2008 6:28:21 PM

Frank
DVR Chatter Honcho
From: Bucks, PA
Registered: 02-12-2005
Posts: 2881

Deconstructing a Spam Attempt

Here's a window into the server logs during today's spam attempt.

User arrives from Google. IP address out of Asia.
59.95.33.98

Code:

59.95.33.98 - - [08/Apr/2008:05:38:18 -0500] "GET / HTTP/1.1" 200 19674 "http://google.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

User switches IP addresses, reloads page.
59.94.238.165

Code:

59.94.238.165 - - [08/Apr/2008:05:38:40 -0500] "GET / HTTP/1.1" 200 19674 "http://google.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
59.94.238.165 - - [08/Apr/2008:05:38:52 -0500] "GET /register.php HTTP/1.1" 200 8560 "http://www.dvrchatter.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

User switches IP addresses again (this one appears to be "his" actual address, as it's the only one that resolves).

58.156.42.99
58x156x42x99.ap58.ftth.ucom.ne.jp

Registers with the email address: cb8uahz5am@hotsearch.biz

Code:

58.156.42.99 - - [08/Apr/2008:05:39:11 -0500] "GET /register.php?agree=Agree HTTP/1.0" 200 10562 "http://www.dvrchatter.com/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.156.42.99 - - [08/Apr/2008:05:39:13 -0500] "POST /register.php?action=register HTTP/1.0" 200 793 "http://www.dvrchatter.com/register.php?agree=Agree" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

IP switch
59.94.238.165

Code:

59.94.238.165 - - [08/Apr/2008:05:39:17 -0500] "GET /register.php?agree=Agree HTTP/1.1" 200 10575 "http://www.dvrchatter.com/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

IP switch again. This is the one he posted under.  Dubai, UAE address block.
86.96.226.14

Code:

86.96.226.14 - - [08/Apr/2008:16:53:58 -0500] "GET / HTTP/1.1" 200 19862 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
86.96.226.14 - - [08/Apr/2008:16:54:00 -0500] "GET /login.php HTTP/1.1" 200 6327 "http://www.dvrchatter.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
86.96.226.14 - - [08/Apr/2008:16:54:01 -0500] "POST /login.php?action=in HTTP/1.1" 200 791 "http://www.dvrchatter.com/login.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

Banned all appropriate IP ranges.  Thanks to all who jumped all over this.

Offline
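The IP switches walked through in the post above can be found mechanically. The following is an added example, not part of the original post or the forum's software: it flags a request whose Referer names a page that the requesting IP never fetched but another IP with the same User-Agent fetched shortly before. The function names and the 5-minute window are assumptions; the first six log lines are copied from the post and the last two (192.0.2.10) are constructed.

```python
import re
from datetime import datetime, timedelta

# Apache combined log format: ip, time, method, path, referer, user agent.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"')
SITE = "http://www.dvrchatter.com"  # host as it appears in the post's Referer fields
WINDOW = timedelta(minutes=5)       # assumed maximum gap for a handoff

# Lines 1-6 are from the post; lines 7-8 are a constructed ordinary visitor.
LOG = """
59.95.33.98 - - [08/Apr/2008:05:38:18 -0500] "GET / HTTP/1.1" 200 19674 "http://google.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
59.94.238.165 - - [08/Apr/2008:05:38:40 -0500] "GET / HTTP/1.1" 200 19674 "http://google.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
59.94.238.165 - - [08/Apr/2008:05:38:52 -0500] "GET /register.php HTTP/1.1" 200 8560 "http://www.dvrchatter.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.156.42.99 - - [08/Apr/2008:05:39:11 -0500] "GET /register.php?agree=Agree HTTP/1.0" 200 10562 "http://www.dvrchatter.com/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.156.42.99 - - [08/Apr/2008:05:39:13 -0500] "POST /register.php?action=register HTTP/1.0" 200 793 "http://www.dvrchatter.com/register.php?agree=Agree" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
59.94.238.165 - - [08/Apr/2008:05:39:17 -0500] "GET /register.php?agree=Agree HTTP/1.1" 200 10575 "http://www.dvrchatter.com/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.10 - - [08/Apr/2008:05:39:20 -0500] "GET / HTTP/1.1" 200 19674 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13"
192.0.2.10 - - [08/Apr/2008:05:39:30 -0500] "GET /register.php HTTP/1.1" 200 8560 "http://www.dvrchatter.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13"
"""

def parse(text):
    """Yield (ip, time, method, path, referer, user_agent) per parsable line."""
    for raw in text.strip().splitlines():
        m = LINE.match(raw)
        if m:
            ip, ts, method, path, ref, ua = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, ref, ua

def find_handoffs(text):
    """Return (previous_ip, new_ip, request) where a session moved between IPs."""
    seen = {}      # (path, user_agent) -> [(ip, time), ...] of earlier fetches
    handoffs = []
    for ip, when, method, path, ref, ua in parse(text):
        if ref.startswith(SITE):
            ref_path = ref[len(SITE):] or "/"
            prior = seen.get((ref_path, ua), [])
            # Referer page never fetched by this IP, but fetched recently by another.
            if not any(i == ip for i, _ in prior):
                recent = [i for i, t in prior if when - t <= WINDOW]
                if recent:
                    handoffs.append((recent[-1], ip, f"{method} {path}"))
        seen.setdefault((path, ua), []).append((ip, when))
    return handoffs

if __name__ == "__main__":
    for prev_ip, new_ip, request in find_handoffs(LOG):
        print(f"{prev_ip} -> {new_ip} at {request}")
```

The check links only addresses joined by a Referer chain, so the first address (which arrived with an external Referer) and the address used hours later to log in are not tied in by it.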

 

#2 04-08-2008 6:57:37 PM

Wareagle
Charter Member
From: Bellevue, WA
Registered: 02-15-2005
Posts: 1073

Re: Deconstructing a Spam Attempt

I'll never understand the motivation for things like this.

Offline

 

#3 04-08-2008 7:17:20 PM

Frank
DVR Chatter Honcho
From: Bucks, PA
Registered: 02-12-2005
Posts: 2881

Re: Deconstructing a Spam Attempt

This one's money.  The other things I don't get either.

Offline

 
