Re: [PLUG] More strange web traffic

prushik on 5 Apr 2018 09:01:02 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] More strange web traffic

From: prushik <prushik@gmail.com>
To: PhiladelphiaLinuxUser'sGroupDiscussionList <plug@lists.phillylinux.org>
Subject: Re: [PLUG] More strange web traffic
Date: Thu, 5 Apr 2018 12:00:55 -0400 (EDT)
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:subject:to:message-id:mime-version; bh=KGlWDWz1u1jGwACbgvEwePasTn8zZC2pBU20Q4Yq3TE=; b=irGgLD4h32YIuVYjk8rTEyYSSBifxfPQ6vwfd7IPXFpkciEIiSsq95xquc083W0lqz E9coDtj9PIUXf8j9RZ80oNPqTG2FQLUr9Z3iJ2gT81nu8b77gIGX2/XIY6sKKrWR/LJ3 NWccnF2pq/vgP7zq8UClRZEeEUBP8TNAGyjAXKpVTuXUvRP+vP48ssvLWsQ6oJ/tLo0Y excx3EteKpswDPrXO3MYbhuUWRgDMP4JNJRSJ+gWaSY5I08OhTeqJ4otNodPaxWtYC4u UcPO+ThCmkiZXiof2xDPA8chxrjg5uttXWDEcQ0Jsfs+tC995ZgGWwSMNOIZwy23LT6H 0q4A==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

I would wonder if it was an attempt to hide something like XSRF attacks. Not sure if that makes sense, but that was my first thought.

Sent from my Samsung device.

---- Original message ----
From: Paul Jungwirth <pj@illuminatedcomputing.com>
Sent: 04/05/2018 11:54:01
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] More strange web traffic

On 04/05/2018 08:19 AM, Rich Freeman wrote:
> On Thu, Apr 5, 2018 at 11:06 AM, Paul Jungwirth
> <pj@illuminatedcomputing.com> wrote:
>>
>> Almost all the requests had Chinese-sounding domain names (so not Russians
>> ;-) and seemed shopping-related. It didn't look like the usual scanning for
>> /unpatched.php or whatever, but seemed to serve some other purpose. But
>> what? (Note I was not actually proxying the requests, just responding with a
>> 301.)
>
> I wonder if it was price scraping.  Suppose I want to maintain a
> database of all of Amazon's prices?  Suppose Amazon doesn't want me
> maintaining that database?  A cat and mouse game ensues, and open
> proxies would likely become pawns.

That makes sense. I guess because I was sending a 301, which many http
libraries/tools would automatically follow, from the scraper's
perspective it would still appear to "work" (just unproxied), so it
would be an easy-to-overlook bug for them to add my site to their list
of open proxies. Interesting!

--
Paul              ~{:-)
pj@illuminatedcomputing.com
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Prev by Date: Re: [PLUG] More strange web traffic
Next by Date: Re: [PLUG] Fwd: [FD] Massive Breach in Panera Bread
Previous by thread: [PLUG] Need HDMI cable at tonight's meeting
Next by thread: [PLUG] HARD DRIVES
Index(es):
- Date
- Thread