From the ashes of Heaven

I love irony!

It turns out that some of the suspensions my account had been getting were kinda valid. I was suspended the last two nights so I checked my access logs (again) and found something fun:

208.80.195.121 - - [24/Aug/2009:00:18:15 -0500] "GET /boejekwaejoqgr.html?bffqg HTTP/1.0" 404 19961 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; Assiniboine Community College; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
208.80.195.121 - - [24/Aug/2009:00:18:14 -0500] "GET /boejekwaejoqgr.html?xcrger HTTP/1.0" 404 19961 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; YComp 5.0.0.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)"
208.80.195.121 - - [24/Aug/2009:00:18:15 -0500] "GET /boejekwaejoqgr.html?xazpc HTTP/1.0" 404 19961 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser; Avant Browser; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)"
208.80.195.121 - - [24/Aug/2009:00:18:14 -0500] "GET /boejekwaejoqgr.html?seoibbaqm HTTP/1.0" 404 19961 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Ringo)"
208.80.195.121 - - [24/Aug/2009:00:18:14 -0500] "GET /boejekwaejoqgr.html?symaor HTTP/1.0" 404 19961 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; YPC 3.2.0; .NET CLR 1.1.4322; IEMB3; yplus 5.1.04b)"

There are a few hundred entries like that. It seems that a bot somewhere has been running so many requests against my host that it triggered the CPU limit for my host. The irony comes in if you run WHOIS on the IP address, it goes back to Websense. That gave me a good laugh this morning.

Related posts:

  1. Hooray! Kinda… http://www.cnn.com/2009/POLITICS/06/17/house.health.care/index.html The bill won’t go anywhere with Democrats in the...
  2. “For the love of God and all that is Holy…” Wyandot is closed! No more idiot parents and whining children...
  3. The perfect example. This is a perfect example of our broken political system....

Powered by YARPP.

Archangel / August 24, 2009 / Technology

Comments

  1. Eclipse - August 28, 2009 @ 1:19 am

    I don’t get the irony. Is Websense your internet provider? Is it DOS’ing itself?

    Reply
  2. Archangel - August 28, 2009 @ 8:34 am

    Damn… I must just do funny wrong… you’re the second person I’ve had to explain this to. Websense is a network security and content filtering company. It is ironic, and funny, that they would have a bot on their network spamming external websites. Even more so if you know the history.

    The file that the host is trying to access is an html file that was injected into my website a few months ago that contained a java script that sent spam through smtp. Websense also has an email filtering solution.

    Reply

Leave a Reply

Your email address will not be published / Required fields are marked *