[typo] Heads-Up: Attempted typo login attack
gpsnospam at gmail.com
Wed Mar 15 05:39:38 EST 2006
On 14 Mar 2006, at 21:20, Paul Hart wrote:
> Hi all,
> I was looking through my server logs a couple of days ago and noticed
> that my blog (redchocolate.ca) was the victim of a short attack
> against my login page (/accounts/login).
> It wasn't very successful, as all the requests were GET requests, but
> there were 40 hits over 5 minutes. The attack was from
> 13/Mar/2006:16:06:53 to 13/Mar/2006:16:11:42 (times UTC).
> The request IP address was 126.96.36.199, which resolves to:
> Apparently these folks are in the internet security industry. I wonder
> why they were so interested in that page.
> The browser signature suggests IE6:
> Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
> 1.1.4322; .NET CLR 2.0.50215
> Maybe they were hacked ;)
> Typo-list mailing list
> Typo-list at rubyforge.org
If they were trying to log in then you'd see POST attempts. Probably
just a spider gone a bit mad. Good to keep an eye on it anyway.
I've noticed an increase in comment spamming attempts lately which
are Typo targeted and not just generic blog engine attacks, but I
have non-ajax commenting disabled ... which is proving bulletproof.
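The GET-versus-POST check discussed in this thread can be run over an access log. The following is an added example, not part of the original messages or of Typo: it assumes Apache combined log format and a login form that submits by POST to the same path, and the sample lines, thresholds and function names are constructed for illustration.

```ruby
require 'time'

# Constructed sample in Apache combined log format (addresses are documentation ranges).
SAMPLE_LOG = <<~LOG
  192.0.2.10 - - [13/Mar/2006:16:06:53 +0000] "GET /accounts/login HTTP/1.1" 200 1532 "-" "-"
  192.0.2.10 - - [13/Mar/2006:16:07:40 +0000] "GET /accounts/login HTTP/1.1" 200 1532 "-" "-"
  192.0.2.10 - - [13/Mar/2006:16:09:02 +0000] "GET /accounts/login?x=1 HTTP/1.1" 200 1532 "-" "-"
  192.0.2.10 - - [13/Mar/2006:16:11:42 +0000] "GET /accounts/login HTTP/1.1" 200 1532 "-" "-"
  198.51.100.7 - - [13/Mar/2006:17:00:01 +0000] "GET /accounts/login HTTP/1.1" 200 1532 "-" "-"
  198.51.100.7 - - [13/Mar/2006:17:00:03 +0000] "POST /accounts/login HTTP/1.1" 200 1580 "-" "-"
  198.51.100.7 - - [13/Mar/2006:17:00:05 +0000] "POST /accounts/login HTTP/1.1" 200 1580 "-" "-"
  198.51.100.7 - - [13/Mar/2006:17:00:07 +0000] "POST /accounts/login HTTP/1.1" 200 1580 "-" "-"
  203.0.113.5 - - [13/Mar/2006:17:30:00 +0000] "GET /accounts/login HTTP/1.1" 200 1532 "-" "-"
  203.0.113.5 - - [13/Mar/2006:17:30:02 +0000] "GET /articles HTTP/1.1" 200 9000 "-" "-"
  this line is malformed and must be skipped
LOG

LINE_RE = %r{\A(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) }

# Parse one log line into a hash; returns nil for lines that do not match.
def parse_line(line)
  m = LINE_RE.match(line)
  return nil unless m
  { ip: m[1], time: Time.strptime(m[2], '%d/%b/%Y:%H:%M:%S %z'),
    method: m[3], path: m[4].split('?').first, status: m[5].to_i }
rescue ArgumentError
  nil # unparseable timestamp
end

# Report clients with at least min_hits requests to the login path inside any
# window of `window` seconds, and say whether any of those requests were POSTs.
def login_bursts(log, path: '/accounts/login', min_hits: 4, window: 300)
  hits = log.each_line.map { |l| parse_line(l.strip) }.compact
  hits = hits.select { |h| h[:path] == path }
  hits.group_by { |h| h[:ip] }.map do |ip, reqs|
    times = reqs.map { |r| r[:time] }.sort
    # Largest number of requests that fall inside one window.
    peak = times.each_index.map do |i|
      times[i..-1].take_while { |t| t - times[i] <= window }.size
    end.max
    next if peak < min_hits
    posts = reqs.count { |r| r[:method] == 'POST' }
    { ip: ip, peak: peak, posts: posts,
      verdict: posts.zero? ? :get_only_burst : :login_attempts }
  end.compact
end
```

A `:get_only_burst` verdict means no form submission reached the login action from that client; `:login_attempts` is the case worth correlating with authentication failures.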