Re: Possible Hijacking from Globix

This WebDNA talk-list message is from 2002. It keeps the original formatting.
Try this

http://wtv-zone.com/JBond/chowmein.swf

--
Stuart Tremain
idfk web developments - Australia

On Wednesday, 21 August 2002, Michael Davis wrote:

>I've already done a whammy on the page for those two addresses.
>You don't even want to know what kind of images I've swapped in
>place of the images of The Beatles. :O. Hopefully it'll get
>someone's attention.
>
>Mike
>
>On Tuesday, August 20, 2002, at 04:48 PM, Stuart Tremain wrote:
>
>> Put a
>>
>> [hideif [ipaddress]=theiripaddress] all the good stuff [/HideIf]
>>
>> in the page!
>>
>> --
>> Stuart Tremain
>> idfk web developments - Australia
>>
>> On Wednesday, 21 August 2002, Michael Davis
>> wrote:
>>> A page on my server is being hit at a rate of about 20 hits/hr from
>>> the same two IP addresses registered to a company in GB called
>>> Scrollock Computers. They seem to be owned by Globix
>>> (globix.com). I see that Globix does proxy services. I'm
>>> wondering if this is what is hitting my page. I haven't seen a
>>> reply from them to a message I sent inquiring, but it may be that
>>> it's too late there. The page being hit is a products details page
>>> for a few Beatles CD's we carry. I've done some statistics:
>>> 1. Always the same browser UA. Mozilla/4.0 (compatible; MSIE 5.0;
>>> Windows NT; DigExt)
>>> 2. Only 1 out of 100 hits includes a cookie that I set on the page
>>> (return visitor)
>>> 3. All hits from two IP addresses: 213.219.017.220, 213.219.058.019
>>> 4. Javascript Code seems to be stripped out of what the final
>>> viewer sees.
>>> (I assume this because I put a javascript in the page that would
>>> preload an image.
>>> I added some variables to the image request so that I could
>>> possibly see what url
>>> the person behind the proxy was visiting and what UA they were
>>> using. So far, no
>>> hits to that image.)
>>> 5. Always the same [cart] string. So they are proxying a page that
>>> is useless as an actual e-commerce application.
>>> 6. After three days of this, that cart file is still empty. This
>>> leads me to believe that they may also be stripping out the click
>>> to order button on the page.
>>>
>>> Globix looks pretty big from their web site. Has anyone else had
>>> an experience with them like this?
>>>
>>>
>>>
>>> Mike
>
>
>-------------------------------------------------------------
>This message is sent to you because you are subscribed to
> the mailing list .
>To unsubscribe, E-mail to:
>To switch to the DIGEST mode, E-mail to
>Web Archive of this list is at: http://search.smithmicro.com/
>-------------------------------------------------------------

Associated Messages, from the most recent to the oldest:

    
  1. Re: Possible Hijacking from Globix (Dale Therio 2002)
  2. Re: Possible Hijacking from Globix (Glenn Busbin 2002)
  3. Re: Possible Hijacking from Globix (Stuart Tremain 2002)
  4. Re: Possible Hijacking from Globix (Michael Davis 2002)
  5. Re: Possible Hijacking from Globix (Michael Davis 2002)
  6. Re: Possible Hijacking from Globix (Stuart Tremain 2002)
  7. Re: Possible Hijacking from Globix (Michael Davis 2002)
  8. Re: Possible Hijacking from Globix (Stuart Tremain 2002)
  9. OT: Possible Hijacking from Globix (Michael Davis 2002)
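
The traffic pattern listed in the quoted message (one user agent, almost no returning cookie, no request for the JavaScript-preloaded image) can be checked per source address over access-log records. This is an added example, not code from the thread: the record layout, the beacon path, the thresholds and the sample addresses are assumptions, and it normalizes zero-padded addresses of the kind shown in the post before grouping.

```python
from collections import defaultdict

BEACON_PATH = "/img/beacon.gif"  # hypothetical name for the JS-preloaded image

def normalize_ip(text):
    """Turn zero-padded dotted quads (213.219.017.220 style) into canonical form."""
    octets = [int(part, 10) for part in text.strip().split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {text!r}")
    return ".".join(str(o) for o in octets)

def suspected_proxies(hits, min_hits=20, max_cookie_rate=0.05):
    """Return {ip: stats} for sources that match all three signals.

    hits: iterable of (ip, path, user_agent, has_cookie) tuples (assumed layout).
    Thresholds are illustrative assumptions, not values from the thread.
    """
    per_ip = defaultdict(lambda: {"pages": 0, "cookies": 0, "beacons": 0, "uas": set()})
    for ip, path, ua, has_cookie in hits:
        s = per_ip[normalize_ip(ip)]
        if path == BEACON_PATH:      # only clients that ran the script fetch this
            s["beacons"] += 1
            continue
        s["pages"] += 1
        s["cookies"] += bool(has_cookie)
        s["uas"].add(ua)
    flagged = {}
    for ip, s in per_ip.items():
        if s["pages"] < min_hits:    # too little traffic to judge
            continue
        cookie_rate = s["cookies"] / s["pages"]
        if len(s["uas"]) == 1 and cookie_rate <= max_cookie_rate and s["beacons"] == 0:
            flagged[ip] = {"pages": s["pages"], "cookie_rate": cookie_rate}
    return flagged

# Constructed sample log (documentation address ranges, not data from the thread).
UA_PROXY = "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)"
UA_USER = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
SAMPLE = []
for i in range(100):  # proxy-like source: one UA, 1 cookie in 100 hits, no beacon
    SAMPLE.append(("192.000.002.010", "/detail.tpl", UA_PROXY, i == 0))
for i in range(25):   # ordinary visitor: returns with the cookie and runs the script
    SAMPLE.append(("198.051.100.007", "/detail.tpl", UA_USER, i > 0))
    SAMPLE.append(("198.051.100.007", BEACON_PATH, UA_USER, i > 0))

if __name__ == "__main__":
    for ip, stats in suspected_proxies(SAMPLE).items():
        print(ip, stats)
```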
