[ic] Weird ADDITEM
Jon
prtyof5 at attglobal.net
Thu Oct 26 21:52:35 EDT 2006
> Jon <prtyof5 at attglobal.net> wrote:
> > For about 2 or more days I've seen two specific IP addresses add a
> > particular
> > item to their basket. The same 2 IP addresses adding the exact same
> > item.
> > I can see this in the usertrack log file. The weird part is prior to the
> > ADDITEM
> > in usertrack there is no trace of either the IP address or the session
> > ID. Other
> > then of course the prior ADDITEM which occurs every so often. And each
> > time there is a new session ID generated. I'm not sure if this is even
> > something
> > to worry about or simply ignore.
> >
> It sounds as if someone has picked on your website to test a <form> POST
> script. Either that, or some brainless spammer has mistaken your basket
> for a "contact us" form, and has pointed a spam script at it.
>
> Either way, it's probably not something to worry about in this case.
> It might be interesting to dump the whole POST request to a file, to find
> out what they think they're doing. If it turns out to be some yokel with
> a spam script, or other suspicious activity, then you can complain to the
> appropriate ISPs. I doubt that your website will be affected in any way,
> other than a few wasted CPU cycles, and a bit of disk space wasted on the
> one-page session.
>
> You have the option to block those two IPs at your firewall for a while
> (or forever) if you want to do that.
>
> It's good to see someone who actually looks at their log files. :-)
>
> --
> _/ _/ _/_/_/_/ _/ _/ _/_/_/ _/ _/
> _/_/_/ _/_/ _/ _/ _/ _/_/ _/ K e v i n W a l s h
> _/ _/ _/ _/ _/ _/ _/ _/_/ kevin at cursor.biz
> _/ _/ _/_/_/_/ _/ _/_/_/ _/ _/
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
Appreciate the feedback Kevin.
I do watch my logs perhaps a bit too close but it is interesting what you
can gleam from them.
I didn't think it was much to worry about, but to be safe better to see if
anyone else has seen the same or can provide thoughts. I think the safe
answer is block at least for a while.
Jon
More information about the interchange-users
mailing list