There Is No Cat

The alternative to flowers!

Saturday, November 9, 2002

Clarified Spam

RFC 2616 clarifies what was happening with the attack on my server. The RFC defines HTTP 1.1. Section 9 defines the various methods in HTTP, such as GET or POST and even the relatively obscure PUT. I didn't realize that there was a CONNECT method, but section 9.9 of the RFC contains this single paragraph:

This specification reserves the method name CONNECT for use with a proxy that can dynamically switch to being a tunnel (e.g. SSL tunneling [44]).

So what happened was that the scum at 216.144.230.51 through 216.144.230.56 had for some reason decided that my server was an open proxy, which is one of the more recent approaches to server hijacking that spammers have taken, and were trying to spam through it. Hence the attempts to access my server using the CONNECT method. I'd never really thought about how spammers would use open proxy servers to send spam, but now I know. I wish these bastards would get thrown in jail for theft, because that's what they do amounts to.

I suppose I can take some solace in the fact that none of their attempts through my server were successful, according to my hosting service. So while the scum-sucking leeches thought they were spamming, they were getting a 403 Forbidden message every ten seconds instead. It still pisses me off, though. And I'm still not pleased that I never heard back from eWAN about my complaint about what one of their clients is doing.

Posted at 10:38 PM

Comments

Note: I’m tired of clearing the spam from my comments, so comments are no longer accepted.

They're attacking my site too. I also ran traceroute and found that their IP addresses are owned by an ISP called cogent communications. After calling them, I sent my access log to abuse@cogentco.com. I immediately received a reply indicating that they would look into it. I tried adding a directive to my access.conf file to deny's access from all but that didn't work. Could you post the directives in your .httpaccess file that caused smaller messages to be sent back to the requestor?

Posted by Jeff Holt at 11:35 AM, November 12, 2002 [Link]

In my .htaccess file, I have the following line:

Deny From 216.144.230.51 216.144.230.52 216.144.230.53 216.144.230 .54 216.144.230.55 216.144.230.56

(That's all as one line). After I placed this line in the file, all accesses from these IP addresses started showing up in my logs as 403 instead of 200, so I know it works.

Posted by ralph at 12:05 PM, November 12, 2002 [Link]

The same IPs having been hitting my little webserver up here in Canada for the past two weeks -- 40,000 CONNECT requests yesterday alone. I followed your advice and sent email to abuse@cogentco.com.

Posted by Peter Rukavina at 11:36 AM, November 13, 2002 [Link]

Another option:

/sbin/route add -host 216.144.230.51 reject

/sbin/route add -host 216.144.230.52 reject

/sbin/route add -host 216.144.230.53 reject

/sbin/route add -host 216.144.230.54 reject

/sbin/route add -host 216.144.230.55 reject

/sbin/route add -host 216.144.230.56 reject

This will drop all network traffic from these IPs before it even hits your server.

Posted by Peter Rukavina at 11:42 AM, November 13, 2002 [Link]

Thanks, Peter. I just want to note that your solution will only work if you administer your own server, since it needs to be done by a superuser.

Posted by ralph at 2:25 PM, November 13, 2002 [Link]

Trackbacks

This site is copyright © 2002-2024, Ralph Brandi.

What do you mean there is no cat?

"You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is that there is no cat."

- Albert Einstein, explaining radio


There used to be a cat

[ photo of Mischief, a black and white cat ]

Mischief, 1988 - December 20, 2003

[ photo of Sylvester, a black and white cat ]

Sylvester (the Dorito Fiend), who died at Thanksgiving, 2000.


Stylesheets


This site is powered by Missouri. Show me!

Valid XHTML 1.0!

Valid CSS!

XML RSS feed

Read Me via Atom

new host

Me!

Home Page
Resume
Married
Photographs
Flickr Photostream
Instagram Archive
Twitter Archive

last.fm

There Is No Cat is a photo Ralph Brandi joint.


Archives

Search



Family Blogs

Geneablogy
Jersey Girl Dance
Awakening
DullBlog
Mime Is Money

Blogs I Read

2020 Hindsight
AccordionGuy
Adactio
Allied
Apartment Therapy
Assorted Nonsense
Backup Brain
Burningbird
Chocolate and Vodka
Creative Tech Writer
Critical Distance
Daily Kos
Dan Misener likes the radio
Daring Fireball
Design Your Life
design*sponge
Doc Searls
Edith Frost
Elegant Hack
Emergency Weblog
Empty Bottle
Five Acres with a View
Flashes of Panic
Future of Radio
Groundhog Day
Hello Mary Lu
iheni
Inessential
Interllectual
Jeffrey Zeldman Presents
Jersey Beat
John Gushue ... Dot Dot Dot
john peel every day
JOHO The Blog
Kathryn Cramer
Kimberly Blessing
La Emisora de la Revolucion
Lacunae
Loobylu
mamamusings
Medley
mr. nice guy
MyDD
Orcinus
oz: the blog of glenda sims
Pinkie Style
Pinkie Style Photos
Pop Culture Junk Mail
Seaweed Chronicles
Shortwave Music
Slipstream
Talking Points Memo
The Unheard Word
Tom Sundstrom - trsc.com
Typographica
Unadorned
Vantan.org
WFMU's Beware of the Blog