httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Sutherland <ja...@cam.ac.uk>
Subject Re: out of control "controller"
Date Wed, 07 Jun 2000 16:35:08 GMT
On Wed, 7 Jun 2000, Eric Cholet wrote:

> > On Tue, 6 Jun 2000, Brian Behlendorf wrote:
> >
> > >
> > > >From Apache's logs:
> > >
> > > www.apache.org 199.35.108.159 - - [06/Jun/2000:17:29:53 -0700] "GET
> > > /server-status?auto HTTP/1.1" 403 293 "-" "Controller"
> > > www.apache.org 199.203.74.246 - - [06/Jun/2000:17:29:54 -0700] "GET
> > > /server-status?auto HTTP/1.1" 403 293 "-" "Controller"
> > > www.apache.org 207.232.54.253 - - [06/Jun/2000:17:29:55 -0700] "GET
> > > /server-status?auto HTTP/1.1" 403 293 "-" "Controller"
> > >
> > > Three different IP addresses, sending requests once a second, for the
> > > server-status?auto object.  Who is it?  I noticed two of those IP's
> point
> > > to netvision.net.il, an address I know some people from here post from.
> > > Even after I configured Browsermatch to recognize "Controller" as a
> > > "badrobot", (thus the 403's) the requests keep coming.  Does anyone
> > > recognize this?  If not I guess I'll consider it a DoS and block at the
> > > firewall.
> >
> > The third one appears to be under netvision.net.il - a domain which isn't
> > recognised by their own registrar, register.com. No guesses there, I'm
> > afraid - the WWW site (new.netvision.net.il) is in a foreign language :-(
> >
> > The first two, though, appear to be Mercury Interactive - a WWW
> > server uptime monitoring outfit.
> >
> > It looks as if someone has signed up for them to monitor apache.org's
> > uptime; from the three all using "Controller", I presume Netvision is also
> > a server monitoring service. Mercury Interactive offers a three month free
> > trial, but does require written authorisation before they'll start
> > monitoring - could be worth getting in touch with them, to ask what
> > happened??
> 
> netvision.net.il is Israel's largest ISP

Interesting... Whoever the third IP address is appears to be doing exactly
the same thing. Is this person the one who set up the Mercury Interactive
monitoring??

Anyway, the solution for items 1 & 2 should be simple - just ask them not
to do it, and ask them why they started. (They require a written request
to begin monitoring, so presumably they'll have this request somewhere.)

Then we need to identify the third - someone contact the ISP?


James.


Mime
View raw message