Hackers/crackers

It seems some hackers/crackers/spammers (whatever you want to call them) have been scanning our server and trying to find some holes.

Luckily our system detects these requests and writes a detailed report. We've contacted the perpetrator at revisedcode@revisedcode.com and are waiting for a response to see if he/she has a good argument for trying to attack our Australian Search Engine.

Some of the URLs scanned were:
http://209.97.223.207:80/forums/chat/messagesL.php3
http://209.97.223.207:80/phpMyChat-0.14.3/chat/messagesL.php3
http://209.97.223.207:80/phpMyChat/chat/messagesL.php3
http://209.97.223.207:80/chatroom/chat/messagesL.php3
http://209.97.223.207:80/chat/messagesL.php3
http://209.97.223.207:80/mails/README
http://209.97.223.207:80/horde-3.0.9/README
……

There plenty more entries, I can only assume they are looking for somewhere to SPAM. This is one of the reasons why we only allow users to contact our clients when they have a valid account.

The offending party is host.revisedcode.com or http://www.revisedcode.com/

Then there were also entries for the following;
http://209.97.223.207:80/stats/awstats.pl
http://209.97.223.207:80/cgi-bin/stats/awstats.pl
http://209.97.223.207:80/scgi-bin/awstats/awstats.pl
……

I can only imagine that’s to find a hole on the server.
The offending party is host.jdssimulated.com which is very odd indeed.
We’ve emailed the offending party at jobs@jdssimulated.com

And last but not least, someone trying to flood the server with countless requests, lucky for us anyone making countless requests one after the other gets denied access.

Possible leech attack from IP address: 211.215.134.172
Date and time: Dec 26, 2007 1:18 PM
Page requested: http://www.clickfind.com.au/business/listing.cfm?businessIdentity=xxxxx Number of requests made to this page: 51
First request made at: Dec 26, 2007 1:17 PM
Last request made at: Dec 26, 2007 1:18 PM
Average time between requests: 1.47058823529 seconds
ReverseDNS: 211.215.134.172