Re: Possible Hijacking from Globix

This WebDNA talk-list message is from

2002


It keeps the original formatting.
numero = 42737
interpreted = N
texte = Try thishttp://wtv-zone.com/JBond/chowmein.swf-- Stuart Tremain idfk web developments - AustraliaOn Wednesday, 21 August 2002, Michael Davis wrote: >I've already done a whammy on the page for those two addresses. >You don't even want to know what kind of images I've swapped in >place of the images of The Beatles. :O. Hopefully it'll get >someone's attention. > >Mike > >On Tuesday, August 20, 2002, at 04:48 PM, Stuart Tremain wrote: > >> Put a >> >> [hideif [ipaddress]=theiripaddress] all the good stuff [/HideIf] >> >> in the page! >> >> -- >> Stuart Tremain >> idfk web developments - Australia >> >> On Wednesday, 21 August 2002, Michael Davis >> wrote: >>> A page on my server is being hit at a rate of about 20 hits/hr from >>> the same two IP addresses registered to a company in GB called >>> Scrollock Computers. They seem to be owned by Globix >>> (globix.com). I see that Globix does proxy services. I'm >>> wondering if this is what is hitting my page. I haven't seen a >>> reply from them to a message I sent inquiring, but it may be that >>> it's too late there. The page being hit is a products details page >>> for a few Beatles CD's we carry. I've done some statistics: >>> 1. Always the same browser UA. Mozilla/4.0 (compatible; MSIE 5.0; >>> Windows NT; DigExt) >>> 2. Only 1 out of 100 hits includes a cookie that I set on the page >>> (return visitor) >>> 3. All hits from two IP addresses: 213.219.017.220, 213.219.058.019 >>> 4. Javascript Code seems to be stripped out of what the final >>> viewer sees. >>> (I assume this because I put a javascript in the page that would >>> preload an image. >>> I added some variables to the image request so that I could >>> possibly see what url >>> the person behind the proxy was visiting and what UA they were >>> using. So far, no >>> hits to that image.) >>> 5. Always the same [cart] string. So they are proxying a page that >>> is useless as an actual e-commerce application. >>> 6. After three days of this, that cart file is still empty. This >>> leads me to believe that they may also be stripping out the click >>> to order button on the page. >>> >>> Globix looks pretty big from their web site. Has anyone else had >>> an experience with them like this? >>> >>> >>> >>> Mike > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://search.smithmicro.com/ >------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Possible Hijacking from Globix (Dale Therio 2002)
  2. Re: Possible Hijacking from Globix (Glenn Busbin 2002)
  3. Re: Possible Hijacking from Globix (Stuart Tremain 2002)
  4. Re: Possible Hijacking from Globix (Michael Davis 2002)
  5. Re: Possible Hijacking from Globix (Michael Davis 2002)
  6. Re: Possible Hijacking from Globix (Stuart Tremain 2002)
  7. Re: Possible Hijacking from Globix (Michael Davis 2002)
  8. Re: Possible Hijacking from Globix (Stuart Tremain 2002)
  9. OT: Possible Hijacking from Globix (Michael Davis 2002)
Try thishttp://wtv-zone.com/JBond/chowmein.swf-- Stuart Tremain idfk web developments - AustraliaOn Wednesday, 21 August 2002, Michael Davis wrote: >I've already done a whammy on the page for those two addresses. >You don't even want to know what kind of images I've swapped in >place of the images of The Beatles. :O. Hopefully it'll get >someone's attention. > >Mike > >On Tuesday, August 20, 2002, at 04:48 PM, Stuart Tremain wrote: > >> Put a >> >> [hideif [ipaddress]=theiripaddress] all the good stuff [/HideIf] >> >> in the page! >> >> -- >> Stuart Tremain >> idfk web developments - Australia >> >> On Wednesday, 21 August 2002, Michael Davis >> wrote: >>> A page on my server is being hit at a rate of about 20 hits/hr from >>> the same two IP addresses registered to a company in GB called >>> Scrollock Computers. They seem to be owned by Globix >>> (globix.com). I see that Globix does proxy services. I'm >>> wondering if this is what is hitting my page. I haven't seen a >>> reply from them to a message I sent inquiring, but it may be that >>> it's too late there. The page being hit is a products details page >>> for a few Beatles CD's we carry. I've done some statistics: >>> 1. Always the same browser UA. Mozilla/4.0 (compatible; MSIE 5.0; >>> Windows NT; DigExt) >>> 2. Only 1 out of 100 hits includes a cookie that I set on the page >>> (return visitor) >>> 3. All hits from two IP addresses: 213.219.017.220, 213.219.058.019 >>> 4. Javascript Code seems to be stripped out of what the final >>> viewer sees. >>> (I assume this because I put a javascript in the page that would >>> preload an image. >>> I added some variables to the image request so that I could >>> possibly see what url >>> the person behind the proxy was visiting and what UA they were >>> using. So far, no >>> hits to that image.) >>> 5. Always the same [cart] string. So they are proxying a page that >>> is useless as an actual e-commerce application. >>> 6. After three days of this, that cart file is still empty. This >>> leads me to believe that they may also be stripping out the click >>> to order button on the page. >>> >>> Globix looks pretty big from their web site. Has anyone else had >>> an experience with them like this? >>> >>> >>> >>> Mike > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://search.smithmicro.com/ >------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Stuart Tremain

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

docs for WebCatalog2 (1997) CAPTCHA system in webDNA (2005) Ok here is a question? (1997) Cannot get subtotal to work (1997) WebCommerce: Folder organization ? (1997) ERASING DATABASE (1997) Nesting format tags (1997) Taxable Shipping (2003) where to put code (1998) Changing buttons (1999) Showif probably dumb question (1997) Different coloured rows for [FoundItems] (2000) Re1000002: Setting up shop (1997) Re2: frames & carts (1997) Mult-File Upload w/ Web Star (2000) Emailer (WebCat2) (1997) Force a search at the default.tmpl page? (1997) NT 4.0/IIS WebCat Installation (1998) Hello??? (1997) WebCat on 10.0.4 - iTools 6.0 (2001)