this one is driving me nuts - beavermails.com

KirkColvin747

HUGE server load, diff. IPs, all preceded by google js (which is on our webpages), and then the GET entry of an ad from referrer beavermails.com.

Anyone seen this crap before? Is our server acting as proxy for them?

-Kirk

main site is www.snarfware.com

61.173.199.214 - - [22/Dec/2006:07:19:44 -0500] "GET http://www.google-analytics.com/urchin.js HTTP/1.0" 404 10844 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)"
61.173.199.214 - - [22/Dec/2006:07:21:24 -0500] "GET http://popunder.adsrevenue.net/link...s=I2&isframe=false&bk=1&serverfile=popnetwork HTTP/1.0" 301 742 "-" "Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)
 

lostinspace

Personally, I'd ban the subnet. Unless you'll miss hits from China?

Also, are the loads caused by numerous connections? If so, there are some nice FWs that will temp ban IPs based on connections (Chirpy's CSF/LFD combo for example).
 
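One way to check an access log for the pattern discussed in this thread, added here as an example and not posted by either participant: it picks out requests whose target is an absolute URL (or a CONNECT) for a host the server does not serve, counts them per IP and per subnet, and lists any that got a 2xx. The /24 grouping, the bare-domain host name, and every sample line after the first are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Site named in the post; serving the bare domain as well is an assumption.
OWN_HOSTS = {"www.snarfware.com", "snarfware.com"}

# First line is from the post; the rest are constructed (documentation IPs and hosts).
SAMPLE_LOG = '''\
61.173.199.214 - - [22/Dec/2006:07:19:44 -0500] "GET http://www.google-analytics.com/urchin.js HTTP/1.0" 404 10844 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)"
61.173.199.214 - - [22/Dec/2006:07:21:24 -0500] "GET http://ads.example.net/link?id=1 HTTP/1.0" 301 742 "-" "Mozilla/4.0"
192.0.2.10 - - [22/Dec/2006:07:21:30 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [22/Dec/2006:07:21:31 -0500] "GET http://www.snarfware.com/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Dec/2006:07:22:02 -0500] "CONNECT mail.example.org:25 HTTP/1.0" 405 300 "-" "-"
198.51.100.23 - - [22/Dec/2006:07:22:09 -0500] "GET http://ads.example.net/banner HTTP/1.0" 200 10844 "-" "Mozilla/4.0"
'''

# Captures: client IP, method, request target, status (common/combined log format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def proxy_style_requests(log_text, own_hosts=OWN_HOSTS):
    """Yield (ip, host, status) for requests aimed at a host we do not serve."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-HTTP line
        ip, method, target, status = m.groups()
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0]          # CONNECT host:port
        elif target.lower().startswith(("http://", "https://")):
            host = urlsplit(target).hostname or ""   # absolute-URI request
        else:
            continue  # ordinary origin-form request such as "GET /index.html"
        if host.lower() not in own_hosts:
            yield ip, host.lower(), int(status)

def summarize(log_text):
    """Return (hits per IP, hits per /24, foreign-host requests answered 2xx)."""
    per_ip, per_net, answered_2xx = Counter(), Counter(), []
    for ip, host, status in proxy_style_requests(log_text):
        per_ip[ip] += 1
        per_net[ip.rsplit(".", 1)[0] + ".0/24"] += 1  # IPv4 only; /24 is an assumption
        if 200 <= status < 300:
            answered_2xx.append((ip, host, status))
    return per_ip, per_net, answered_2xx

if __name__ == "__main__":
    for label, result in zip(("per IP", "per /24", "answered 2xx"), summarize(SAMPLE_LOG)):
        print(label, result)
```

A 2xx in the last list is a prompt to look closer rather than proof of relaying, since a server that is not proxying can still answer an absolute-URL request with one of its own local pages.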