Skip To Navigation

They're playing with us...

Found this from the Bulgarians in my log file:

  1. 200.196.101.98 - - [11/Jul/2005:01:09:22 -0400] "GET /r/blog/198 HTTP/1.1" 404 24 "http://www.available-credit.com/mortgage-loans.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
  2. 200.196.101.98 - - [11/Jul/2005:01:09:26 -0400] "GET /r/blog/198 HTTP/1.1" 404 24 "http://www.available-credit.com/mortgage-loans.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
  3. 69.10.151.18 - - [11/Jul/2005:01:09:46 -0400] "GET /r/blog/198 HTTP/1.0" 200 4641 "-" "-"
  4. 200.196.101.98 - - [11/Jul/2005:01:10:22 -0400] "POST /r/blog/rdpress/198.comment HTTP/1.1" 404 24 "http://rdmsoft.com/r/blog/198" "Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]"
  5. 200.196.101.98 - - [11/Jul/2005:01:16:05 -0400] "POST /r/blog/rdpress/198.comment HTTP/1.1" 404 1856 "http://rdmsoft.com/r/blog/198" "Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]"
  6. 204.83.150.116 - - [11/Jul/2005:01:16:11 -0400] "POST /r/blog/rdpress/198.comment HTTP/1.0" 404 234 "http://rdmsoft.com/r/blog/198" "Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]"

The first two requests got caught by my check for the X-AAAAAAAAAAAA header. These spammers have been sending distinctive headers like this for a while, and nobody really knows why. It makes them easy to filter, until they suddenly change.

However, the other hits didn't have this header. Okay, so my other filters still blocked them, but it's a bit disconcerting to see that they're actually surveying my blocking skills...

⇐13 Jul 2005 - Like a broken pencil / 10 Jul 2005 - ChatZilla Update⇒

Feedback

Feedback is closed. Feel free to contact me privately.

tH