[Toolserver-l] potential abuse by 84.114.164.84
Daniel Schwen
lists at schwen.de
Mon Jan 12 00:31:19 UTC 2009
While looking at the access statistics of the Query-to-map tool I discovered
that a large portion of the hits are generated by one single austrian DSL IP
(90000 hits yesterday (9% of all hits that day), 55000 hits so far today, ).
Seemingly random queries to lots of tools. Example:
84.114.164.84 - - [11/Jan/2009:14:03:43
+0000] "HEAD /%7Ekolossos/wp-world/umkreis.php?la=pt&lon=16.285&lat=48.134444&rang=50&map=1
HTTP/1.1" 200 0 "-" "Jakarta Commons-HttpClient/3.1"
84.114.164.84 - - [11/Jan/2009:14:03:49
+0000] "HEAD /~para/earth.php?latdegdec=48.134444&londegdec=16.285&scale=300000
HTTP/1.1" 301 0 "-" "Jakarta Commons-HttpClient/3.1"
84.114.164.84 - - [11/Jan/2009:14:03:49
+0000] "HEAD /~kolossos/wp-world/umkreis.php?la=nl&lon=16.285&lat=48.134444&rang=50&map=1
HTTP/1.1" 301 0 "-" "Jakarta Commons-HttpClient/3.1"
84.114.164.84 - - [11/Jan/2009:14:03:50
+0000] "HEAD /~kolossos/wp-world/umkreis.php?la=pt&lon=16.285&lat=48.134444&rang=50&map=1
HTTP/1.1" 301 0 "-" "Jakarta Commons-HttpClient/3.1"
What is going on here? Proxy?
Daniel
P.S.: there is a webserver on that IP. Looks like a broken Mediawiki
installation, a broken forum installation. No further info though.
More information about the Toolserver-l
mailing list