[KLUG Members] Chasing people down.
Adam Bultman
members@kalamazoolinux.org
Fri, 28 Jun 2002 11:35:03 -0400 (EDT)
Thank you, Adam. I'll try that. I get logs of nice IP addresses, and
referrers, to boot. I'll see what I can do, although a LOT of the
addresses don't have anythning when I do a 'host n.n.n.n" request.
I'll keep everyone postsed, if they want.
--
Adam Bultman
adam@glaven.org
[ http://www.glaven.org ]
On Fri, 28 Jun 2002 adam@morrison-ind.com wrote:
> >Okay. I've posted this to another listserv, but I think it has too small
> >of a knowledge base. Or, failing that, too small a base of people who
> >don't filter me. <pause for laughter>
> >Anyway, you all probably remember my two servers getting used as proxy
> >story, so I submit to you: How do I track these people down? I still run
> >tail -f 's on the access logs, and I still get enough hits to have almost
> >a constantly scrolling list go by. My questions are:
> >1. How do I find out if someone is using (or attempting now) to use my
> >server as a free proxy? Excuse me: How do I find WHO is using me?
>
> Your proxy is available from the Internet?! If you see log entries traceroute
> back to the source address, reverse lookup on the address, lookup the domain
> in whois, and contact their administrative contact.
>
> > 2. How do I find out if it's a site using me, or a person (i.e. a port/ad
> > site or just a few people using me as a personal proxy?)
>
> If it is always the same request I doubt it is a human user.
>
> >I've tried contacting one of the larger companies with users who are
> >hitting me, but despite the helpdesk's nice words (oh, trust me, the abuse
> >line is very quick) I have yet to get responses. So, I guess my main help
>
> Screw the help desk, whois contains contact info. If no satisifaction have your
> lawyer call and mention compenstation for bandwidth consumption.
>
>
>
>
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
>
>