Referrer spam with no referrer? What is this?
I’m getting a whole lot of what behaves like referrer spam, but contains no referrer. Repeated requests (mostly for image files) on and on and on from a single IP (apparently spoofed because blocking it seems to do no good).
I first noticed this happening after StatCounter logged a few visits from notorious black SEO sites.
I’m at a loss as to what to do about it. I can’t block by IP address because that’s apparently spoofed. I can’t block by referrer because there is no referrer.
What are these people up to? What is the point? Is it purely a DoS attack? As of yet, it doesn’t seem intense or sustained enough to achieve real denial of service. Just major annoyance.
Any idea how to get rid of it?
Here are a few representative samples:
66.147.242.150 – – [17/Jan/2010:10:11:57 -0700] “POST /wp-cron.php?doing_wp_cron HTTP/1.0” 200 312 “-” “WordPress/2.9.1; https://{MySiteURL}”
66.147.242.150 – – [17/Jan/2010:10:11:58 -0700] “GET {File_1.jpg} HTTP/1.0” 200 147310 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:11:58 -0700] “GET {File_1.jpg} HTTP/1.0” 200 147310 “-” “-“
67.210.218.88 – – [17/Jan/2010:10:11:57 -0700] “GET {BlogPostThatCallsFile_1}/ HTTP/1.0” 200 18686 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_1.jpg} HTTP/1.0” 200 147310 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_1.jpg} HTTP/1.0” 200 147310 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_1.jpg} HTTP/1.0” 200 147310 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_1.jpg} HTTP/1.0” 200 147310 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_2.jpg} HTTP/1.0” 200 80884 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_2.jpg} HTTP/1.0” 200 80884 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_2.jpg} HTTP/1.0” 200 80884 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_2.jpg} HTTP/1.0” 200 80884 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_3.jpg} HTTP/1.0” 200 66663 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_3.jpg} HTTP/1.0” 200 66663 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_3.jpg} HTTP/1.0” 200 66663 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_3.jpg} HTTP/1.0” 200 66663 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_4.jpg} HTTP/1.0” 200 131329 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_4.jpg} HTTP/1.0” 200 131329 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_4.jpg} HTTP/1.0” 200 131329 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_4.jpg} HTTP/1.0” 200 131329 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_5.jpg} HTTP/1.0” 200 112541 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_5.jpg} HTTP/1.0” 200 112541 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_5.jpg} HTTP/1.0” 200 112541 “-” “-“
66.147.242.150 – – [17/Jan/2010:10:15:09 -0700] “GET {File_5.jpg} HTTP/1.0” 200 112541 “-” “-”
This goes on and on and on, with each file getting hit 4 times in rapid succession.
And, here’s an interesting bit where two different IPs are pretty clearly operating together:
66.147.242.150 – – [17/Jan/2010:11:33:55 -0700] “GET {File_25.jpg} HTTP/1.0” 200 141375 “-” “-“
66.147.242.150 – – [17/Jan/2010:11:33:55 -0700] “GET {File_25.jpg} HTTP/1.0” 200 141375 “-” “-“
75.17.127.35 – – [17/Jan/2010:11:33:53 -0700] “GET /{BlogPostThatCallsFile_25}/ HTTP/1.1” 200 5213 “https://images.google.com/imgres?imgurl=https://{MySiteURL}{File_25.jpg}&imgrefurl=https://{MySiteURL}/{BlogPostThatCallsFile_25}/&usg=__A6g9h9Dv7eUA94SLKeFrvOELmto=&h=333&w=500&sz=138&hl=en&start=14&um=1&tbnid=xsI7Sgy1Jd_V4M:&tbnh=87&tbnw=130&prev=/images%3Fq%3Drussian%2Bteacakes%26ndsp%3D20%26hl%3Den%26rls%3Dcom.microsoft:en-us:IE-Address%26rlz%3D1I7GGLL_en%26sa%3DN%26um%3D1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
75.17.127.35 – – [17/Jan/2010:11:33:55 -0700] “GET {File_25.jpg} HTTP/1.1” 200 141412 “https://images.google.com/imgres?imgurl=https://{MySiteURL}{File_25.jpg}&imgrefurl=https://{MySiteURL}/{BlogPostThatCallsFile_25}/&usg=__A6g9h9Dv7eUA94SLKeFrvOELmto=&h=333&w=500&sz=138&hl=en&start=14&um=1&tbnid=xsI7Sgy1Jd_V4M:&tbnh=87&tbnw=130&prev=/images%3Fq%3Drussian%2Bteacakes%26ndsp%3D20%26hl%3Den%26rls%3Dcom.microsoft:en-us:IE-Address%26rlz%3D1I7GGLL_en%26sa%3DN%26um%3D1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
75.17.127.35 – – [17/Jan/2010:11:33:56 -0700] “GET /favicon.ico HTTP/1.1” 404 3652 “-” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
66.147.242.150 – – [17/Jan/2010:11:34:00 -0700] “GET {File_25.jpg} HTTP/1.0” 200 141375 “-” “-“
66.147.242.150 – – [17/Jan/2010:11:34:00 -0700] “GET {File_25.jpg} HTTP/1.0” 200 141375 “-” “-“
75.17.127.35 – – [17/Jan/2010:11:33:59 -0700] “GET /{BlogPostThatCallsFile_25}/ HTTP/1.1” 200 5213 “https://images.google.com/imgres?imgurl=https://{MySiteURL}{File_25.jpg}&imgrefurl=https://{MySiteURL}/{BlogPostThatCallsFile_25}/&usg=__A6g9h9Dv7eUA94SLKeFrvOELmto=&h=333&w=500&sz=138&hl=en&start=14&um=1&tbnid=xsI7Sgy1Jd_V4M:&tbnh=87&tbnw=130&prev=/images%3Fq%3Drussian%2Bteacakes%26ndsp%3D20%26hl%3Den%26rls%3Dcom.microsoft:en-us:IE-Address%26rlz%3D1I7GGLL_en%26sa%3DN%26um%3D1” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
75.17.127.35 – – [17/Jan/2010:11:34:00 -0700] “GET /wp-includes/js/comment-reply.js?ver=20090102 HTTP/1.1” 200 1172 “https://{MySiteURL}/{BlogPostThatCallsFile_25}/” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
75.17.127.35 – – [17/Jan/2010:11:34:00 -0700] “GET /wp-content/plugins/sociable/sociable.css?ver=abc HTTP/1.1” 200 1224 “https://{MySiteURL}/{BlogPostThatCallsFile_25}/” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
75.17.127.35 – – [17/Jan/2010:11:34:00 -0700] “GET /wp-content/themes/thesis_151/layout.css?112209-61142 HTTP/1.1” 200 14117 “https://{MySiteURL}/{BlogPostThatCallsFile_25}/” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
75.17.127.35 – – [17/Jan/2010:11:34:00 -0700] “GET /wp-content/themes/thesis_151/custom/custom.css?102809-81031 HTTP/1.1” 200 2763 “https://{MySiteURL}/{BlogPostThatCallsFile_25}/” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
75.17.127.35 – – [17/Jan/2010:11:34:00 -0700] “GET /wp-content/themes/thesis_151/style.css?061109-50649 HTTP/1.1” 200 375 “https://{MySiteURL}/{BlogPostThatCallsFile_25}/” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
75.17.127.35 – – [17/Jan/2010:11:34:00 -0700] “GET /wp-content/themes/thesis_151/lib/css/ie.css HTTP/1.1” 200 372 “https://{MySiteURL}/{BlogPostThatCallsFile_25}/” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
75.17.127.35 – – [17/Jan/2010:11:34:00 -0700] “GET /wp-content/plugins/wp-spamfree/js/wpsf-js.php HTTP/1.1” 200 0 “https://{MySiteURL}/{BlogPostThatCallsFile_25}/” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)”
So… any ideas what this is and how to stop it?
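One way to triage access-log entries like the ones quoted in the post, added here as an example and not part of the original thread: it groups requests by client IP, counts those with both referrer and user agent empty, measures same-second repeats of one path, and notes whether that address also sent WordPress's own wp-cron.php self-request (a `WordPress/x.y` user agent), which points at the hosting server itself. The sample lines, addresses, paths and the `min_burst` threshold are constructed assumptions, and a raw log with straight quotes is assumed.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" log format as written to disk (straight quotes).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample modelled on the post's entries (documentation addresses).
SAMPLE = '''\
192.0.2.10 - - [17/Jan/2010:10:11:57 -0700] "POST /wp-cron.php?doing_wp_cron HTTP/1.0" 200 312 "-" "WordPress/2.9.1; https://blog.example"
192.0.2.10 - - [17/Jan/2010:10:15:09 -0700] "GET /img/a.jpg HTTP/1.0" 200 147310 "-" "-"
192.0.2.10 - - [17/Jan/2010:10:15:09 -0700] "GET /img/a.jpg HTTP/1.0" 200 147310 "-" "-"
192.0.2.10 - - [17/Jan/2010:10:15:09 -0700] "GET /img/a.jpg HTTP/1.0" 200 147310 "-" "-"
192.0.2.10 - - [17/Jan/2010:10:15:09 -0700] "GET /img/a.jpg HTTP/1.0" 200 147310 "-" "-"
198.51.100.7 - - [17/Jan/2010:10:15:10 -0700] "GET /post/ HTTP/1.1" 200 5213 "https://images.example/imgres" "Mozilla/4.0 (compatible; MSIE 8.0)"
203.0.113.5 - - [17/Jan/2010:10:15:11 -0700] "GET /img/a.jpg HTTP/1.0" 200 147310 "-" "-"
'''

def summarize(lines):
    """Per-IP counts: total requests, blank referrer+UA requests, largest
    same-second repeat of one path, and whether a wp-cron self-request was seen."""
    stats = defaultdict(lambda: {"total": 0, "blank": 0,
                                 "bursts": Counter(), "wp_cron": False})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        s = stats[m["ip"]]
        s["total"] += 1
        if m["ref"] in ("", "-") and m["ua"] in ("", "-"):
            s["blank"] += 1
            s["bursts"][(m["ts"], m["path"])] += 1
        # WordPress triggers its scheduler by POSTing to its own wp-cron.php.
        if m["path"].startswith("/wp-cron.php") and m["ua"].startswith("WordPress/"):
            s["wp_cron"] = True
    return {ip: {"total": s["total"], "blank": s["blank"],
                 "max_burst": max(s["bursts"].values(), default=0),
                 "wp_cron": s["wp_cron"]} for ip, s in stats.items()}

def suspects(report, min_burst=3):
    """IPs repeating a blank-header request for one path within one second."""
    return sorted(ip for ip, r in report.items() if r["max_burst"] >= min_burst)

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE.splitlines()).items():
        print(ip, row)
```

An address that shows up in `suspects()` with `wp_cron` set is worth comparing against the server's own outbound IP before any block rule is written.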