The scripts do not do any HTTP_REFERRER checking, but that could easily
be built in to any version of the scripts
Charles Daminato
TUCOWS Product Manager
[EMAIL PROTECTED]
On Thu, 13 Sep 2001, Matthew Asham wrote:
> Since September 4th we've had 16987 identical requests from 24.27.115.199 to
> our reg_system.cgi.
>
> The request is an HTTP/1.0 post request with
> action=lookup&domain=somedomain.foo&affiliate_id=
>
> The UserAgent is reported as Mozilla Compatible (MS IE 3.01 WinNT) and
> it sends a Host header even though it's doing an HTTP/1.0 request.
>
> A quick grep through a few minutes worth of snort caps show lookups
> for many domain names : mmb.net, tdt.net, mof.com, aol.org, ugm.com,
> byq.org, kof.org, y2k.net, 3fs.com, zvv.com, v2t.com, etc.).
>
> The script is not hammering us at all (no doubt how they avoided
> attention this long), requests are coming in at intervals of 4 seconds up
> over a minute.
>
> I've already contacted RR about this, but I figured I'd mention it just in
> case others are experiencing the same.
>
> Do the 2.4 scripts do HTTP_REFERER checking? If not, then I would really
> like to
> see this get added in some build.
>
> Thanks and good night
>
> MAtthew
>
> --
> Matthew Asham, VE7UDP
> Left Coast Systems Corp, SuperWebhost.com
>
>
>
