On Thu, Aug 24, 2006 at 12:30:13PM -0400, Daniel Ouellet wrote:
> Ryan Corder wrote:
> >On Wed, 2006-08-23 at 20:36 -0400, Daniel Ouellet wrote:
> >>200.82.74.176 - - [23/Aug/2006:12:42:37 -0400] "GET
> >>/events/index.php?EventID=58 HTTP/1.1" 200 5 "-" "Mozilla/4.0
> >>(compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
> >
> >the following URL may be of interest to you:
> > http://grotto11.com/blog/slash.html?+1039831658
>
> Interesting reading.
>
> Thanks. That's not what is happening here however. Like in the original
> post. The URL called is a very old one that have no reason to be called
> to that level anyway. Plus looking at the IP logged, no other request to
> any other pages are done from that source so far. So, only attack are
> done from them so far.
>
> I am now up to 11,149 simultaneous sources for the last 22 hours.
>
> Someone is having fun at my expense.
>
> But still holding on remarkably well!
Did you already check that the page is, indeed, the page you expect it
to be? And not, say, some botnet-controller?
Joachim
