On Thu, Oct 15, 2015 at 8:12 AM, Richard Hipp <d...@sqlite.org> wrote:
> The website logs are showing a large number of accesses to > > https://www.fossil-scm.org/skin2/raw/ > > with the curious property that the Referer: is set to > "http://0jejhcec65c24dslii.com". The accesses are coming from many > different IP addresses, including several IPv6 addresses. All of them > list their User-Agent as being "Mozilla/4.0 (compatible; MSIE 6.0; > Windows NT 5.1; SV1)". > > Yes, you read that correctly - IE6 on WindowsXP. > > Is this anything to be concerned about? Should I block this anomalous > traffic, or should I just leave them alone? > I found this link that might explain what you're seeing: http://resources.distilnetworks.com/h/i/53822092-is-pushdo-screwing-you-details-of-the-botnet/181642 -- Scott Robison
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users