[ic] Weird ADDITEM

Jon prtyof5 at attglobal.net
Thu Oct 26 21:52:35 EDT 2006


> Jon <prtyof5 at attglobal.net> wrote:
> > For about 2 or more days I've seen two specific IP addresses add a
> > particular
> > item to their basket. The same 2 IP addresses adding the exact same
> > item.
> > I can see this in the usertrack log file. The weird part is prior to the
> > ADDITEM
> > in usertrack there is no trace of either the IP address or the session
> > ID.  Other
> > then of course the prior ADDITEM which occurs every so often. And each
> > time there is a new session ID generated. I'm not sure if this is even
> > something
> > to worry about or simply ignore.
> >
> It sounds as if someone has picked on your website to test a <form> POST
> script.  Either that, or some brainless spammer has mistaken your basket
> for a "contact us" form, and has pointed a spam script at it.
>
> Either way, it's probably not something to worry about in this case.
> It might be interesting to dump the whole POST request to a file, to find
> out what they think they're doing.  If it turns out to be some yokel with
> a spam script, or other suspicious activity, then you can complain to the
> appropriate ISPs.  I doubt that your website will be affected in any way,
> other than a few wasted CPU cycles, and a bit of disk space wasted on the
> one-page session.
>
> You have the option to block those two IPs at your firewall for a while
> (or forever) if you want to do that.
>
> It's good to see someone who actually looks at their log files. :-)
>
> --
>    _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
>   _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
>  _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
> _/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users

    Appreciate the feedback Kevin.

    I do watch my logs perhaps a bit too close but it is interesting what you
can gleam from them.

    I didn't think it was much to worry about, but to be safe better to see if

anyone else has seen the same or can provide thoughts. I think the safe
answer is block at least for a while.

Jon




More information about the interchange-users mailing list