dot.kde.org

Andy Goossens andygoossens at pandora.be
Fri May 23 23:53:34 UTC 2003


On Saturday 24 May 2003 00:56, Navindra Umanee wrote:
> Andy Goossens <andygoossens at pandora.be> wrote:
> > Their hostnames are in the form "nc******.telenet-ops.be". At least one
> > of those addresses is blocked, because refreshing the page helps most of
> > the time. (My pagerequest can come from multiple IPs).
>
> # Fri 23/May/2003:18:28:27
> # Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) XX
> # GET /internal-emails/
> #
> 213.224.83.134 -

That is one of the Telenet/Pandora proxies.

You could try to check page requests for the "X-Forwarded-For" header (added 
by any decent proxy server), it reveals the client's ip address. But then we 
could have problems with dynamic ip addresses... (which we do have). However, 
it still might reduce the number of false positives.

> 213.224.83.134 - - [23/May/2003:18:28:27 +0200] "GET /internal-emails/
> HTTP/1.1" 403 426 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
> XX"
> [tons more]
>
> Obviously an email harvestor.

Quite hard to make it stop. And contacting my ISP won't help anything, they 
need a court order... *sigh*

-- 
// Andy Goossens

// Quote of the moment:
If there is a wrong way to do something, then someone will do it.
		-- Edward A. Murphy Jr.



More information about the kde-www mailing list