kaseytraeger
Posted October 20, 2004

I was scanning my error log for today, and I found three rather odd entries that I do not understand. I hope someone can help me out with this.

[Wed Oct 20 08:48:46 2004] [error] [client 66.196.90.136] File does not exist: /home/pudgy/public_html/root/mt.htm
[Wed Oct 20 09:43:24 2004] [error] [client 66.196.91.124] File does not exist: /home/pudgy/public_html/soukatu/mt/commentary.htm
[Wed Oct 20 13:26:18 2004] [error] [client 66.196.90.126] File does not exist: /home/pudgy/public_html/r89c01pb.htm

It looks to me that someone is trying to hack into my MT installation, but I don't really know for sure. Also, someone is looking for a very specific file called "r89c01pb.htm" which is so cryptic it must have been typed in by hand for someone looking for it. Does this look like something I need to be concerned about?

I have tried looking up all three IP addresses on GeoBytes to see if I can determine who this person(s) is, but the GeoBytes server can find no information about the IP addresses, not even locations.

TCH-Don
Posted October 20, 2004

I have seen the mt one. I do not have mt, so someone is looking around to see what they can get into?

TCH-Bruce
Posted October 20, 2004

Here's what I found on those IPs.

NetRange: 66.196.64.0 - 66.196.127.255
CIDR: 66.196.64.0/18
NetName: INKTOMI-BLK-3
NetHandle: NET-66-196-64-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
Comment: This netblock contains Web Crawlers. Please
Comment: contact slurp@inktomi.com for questions or concerns.
RegDate: 2001-10-30
Updated: 2003-09-26
AbuseHandle: ZI107-ARIN
AbuseName: Inktomi Corporation
AbusePhone: +1-650-653-2800
AbuseEmail: slurp@inktomi.com

kaseytraeger (Author)
Posted October 20, 2004

> I have seen the mt one. I do not have mt, so someone is looking around to see what they can get into?

That's what I was thinking (that someone was trying to see how they can get into my mt installation). It concerned me.

Bruce, where did you find that information? Curious that the IPs seem to originate from a division of Yahoo! (Inktomi). I think Inktomi is a search engine. Would a search engine deliberately try to find SPECIFIC files in a web server, or try to access an MT folder directly?

TCH-Bruce
Posted October 20, 2004

I use the Whois function of a program called Trout.

TCH-Dick
Posted October 20, 2004

If you take a look at that IP in Latest Visitors, you will find that it is the Spider/crawler for Yahoo/Inktomi Slurp. Yahoo and Google have been looking for files regardless if they are on a server for a while now. I get hits from Yahoo looking for 'mySubscriptions.opml' which is part of Manila, yet I run WordPress.

Edited October 20, 2004 by TCH-Dick

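
An added example, not part of the thread or any poster's code: a small Python triage that checks the client IPs in the log entries from the first post against the netblock shown in the whois output. The function names and the fourth log line (documentation address 203.0.113.7) are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Netblock taken from the whois output in the thread ("contains Web Crawlers").
KNOWN_CRAWLER_NETS = {"INKTOMI-BLK-3": ipaddress.ip_network("66.196.64.0/18")}

# Apache error-log shape seen in the thread: [date] [error] [client IP] message.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s*\[error\]\s*\[client (?P<ip>[^\]]+)\]\s*"
    r"File does not exist: (?P<path>\S+)"
)

# The three entries from the first post plus one constructed line; 203.0.113.7 is a
# documentation address and example-missing.htm a made-up path.
SAMPLE_LOG = """\
[Wed Oct 20 08:48:46 2004] [error] [client 66.196.90.136] File does not exist: /home/pudgy/public_html/root/mt.htm
[Wed Oct 20 09:43:24 2004] [error] [client 66.196.91.124] File does not exist: /home/pudgy/public_html/soukatu/mt/commentary.htm
[Wed Oct 20 13:26:18 2004] [error] [client 66.196.90.126] File does not exist: /home/pudgy/public_html/r89c01pb.htm
[Wed Oct 20 14:02:11 2004] [error] [client 203.0.113.7] File does not exist: /home/pudgy/public_html/example-missing.htm
"""

def classify(ip_text):
    """Return the name of the listed netblock containing ip_text, else None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # malformed client field
        return None
    return next((n for n, net in KNOWN_CRAWLER_NETS.items() if ip in net), None)

def triage(log_text):
    """Group missing-file requests by client IP and label each client's netblock."""
    report = defaultdict(lambda: {"netblock": None, "paths": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            entry = report[m["ip"]]
            entry["netblock"] = classify(m["ip"])
            entry["paths"].append(m["path"])
    return dict(report)

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        label = info["netblock"] or "unlisted, review"
        print(f"{ip:16} {label:18} {', '.join(info['paths'])}")
```

Netblock membership only says who the address is registered to; for any client that comes back unlisted, the requested paths are the next thing to look at.
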
kaseytraeger (Author)
Posted October 22, 2004

Well, I am glad to know that it isn't really something that I need to be concerned with. Thanks so much for the help and information!

Is the "Trout" program something you bought, or is it a freeware web app? It sounds like it could be useful in analyzing things like error logs and the like when you think someone may be up to some nefarious behavior or machination.

TCH-Bruce
Posted October 23, 2004

It was a freeware app I found. Its main function is for doing trace routes and it has a built-in Whois function.

Here is a link for it: http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/trout.htm

Edited October 23, 2004 by TCH-Bruce