-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 20 March 2003 1:16 pm, Patrick Shanahan wrote:
* Tom Emerson
[03-20-03 14:57]:
[also, if the content being served is, ummm, "questionable", then perhaps the RR folks will take notice...]
I do not think, although I cannot understand, that RoadRunner is *interested*. ... They keep asking me if it is *spam* <grin>.
So, tell them it is spam (or at the very least that you consider it "abuse" as it is using resources against your wishes, though it is kind of hard to support the claim that web requests are "against your wishes" when you do, in fact, run a web server) I sent a similar item to my ISP's abuse department for an identical problem: another PB customer was sending me those very same "cmd.exe?" requests -- I verified that it was another PB customer via a traceroute that showed the last hop before the "cust-rtr" [customer router, I presume] was a numbered DSL line similar to the one I have. In any case, the cmd.exe requests stopped almost immediately, then two days later they were replaced with "default.ida?XXXXXXXXXXX's forever..." from the same IP address (dunno which is worse, this long entry or a dozen shorter cmd.exe entries...) [you can see what I'm getting hit with and how often at this location: http://osnut.homelinux.net/awstats.osnut.homelinux.net.errors404.html be aware that MOST of these have indeed been coming from the same address] Version 5.5 of awstats "cleans up" that "default.ida?" entry by ignoring the query string, but it is still in development (a quick check of my logs does show you've taken a look before, but I don't think you saw the "errors" page) - -- Yet another Blog: http://osnut.homelinux.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: http://osnut.homelinux.net/TomEmerson.asc iD8DBQE+ejYuV/YHUqq2SwsRAjlbAJoCS2Ywd32aD8C3UTFcenZnVEafqQCfbkrE 5wVgujBVahfGJoqfuPGWdxw= =XEcY -----END PGP SIGNATURE-----