Forum: Typo Heads-Up: Attempted typo login attack

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
B07700d04696f4e4ce546f8e93867b9c?d=identicon&s=25 Paul Hart (Guest)
on 2006-03-14 22:23
(Received via mailing list)
Hi all,

I was looking through my server logs a couple of days ago and noticed
that I my blog (redchocolate.ca) was the victim of a short attack
against my login page (/accounts/login).

It wasn't very successful, as all the requests were GET requests, but
there were 40 hits over 5 minutes. The attack was from
13/Mar/2006:16:06:53 to 13/Mar/2006:16:11:42 (times UTC).

The request IP address was 66.17.15.154, which resolves to:

66-17-15-154.security.lightspeedsystems.com

Apparently these folks are in the internet security industry. I wonder
why they were so interested in that page.

The browser signature suggest IE6:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322; .NET CLR 2.0.50215

Maybe they were hacked ;)

Paul
D6f24842b973de6cb75203c4c57dfbcb?d=identicon&s=25 Gary Shewan (Guest)
on 2006-03-15 11:42
(Received via mailing list)
On 14 Mar 2006, at 21:20, Paul Hart wrote:

> The request IP address was 66.17.15.154, which resolves to:
>
> Maybe they were hacked ;)
>
> Paul
> _______________________________________________
> Typo-list mailing list
> Typo-list@rubyforge.org
> http://rubyforge.org/mailman/listinfo/typo-list

If they were trying to login then you'd see POST attempts.  Probably
just a spider gone a bit mad.  Good to keep an eye on it anyway.

I've noticed an increase in comment spamming attempts lately which
are Typo targeted and not just a generic blog engine attacks, but I
have non-ajax commenting disabled ... which is proving bulletproof
right now.

Gary
This topic is locked and can not be replied to.