OpenBSD Journal

Webmasters: 404 errors from 216.32.64.10

Contributed by Dengue on from the big-brother-is-watching-you-and-selling-the-results dept.

james phillips writes "This popped up on the INCIDENTS list the other day, and I looked through my logs, and sure enough found a ton of traffic, including a bunch of 404 errors originating from this IP. If you follow this IP, you will be taken to cyveillance.com. This company appears to specialize in scouring your website for information it then attempts to resell to other businesses."

What it appears cyveillance is doing here is searching websites for information to sell to corporate entities for damage control purposes and copyright enforcement. This in itself bothers me, because the content of my site is not for resale. Selling the information of this website violates the copyright I hold for the information here, as well as the copyrights of all of the contributors, all the way down to the comment posters' copyright for their contributions.

But the bigger issues I have with this are the following:

  • The intent of this access is hidden
    • Address 216.32.64.10 does not resolve, masking the identity
    • The browser type is listed as "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)", which is a misrepresentation for an automated search tool. Another attempt at masking their activities.
  • Attempts are made to access content in directories with names such as "private/" and to access content that has never existed on the server.
  • In order to determine the cause of this activity, you actually have to go to 216.32.64.10:80 for an explanation. I suggest everyone read it and determine for yourselves what the intent is.

This activity is no different than portscanning a host, or connecting to port 137 on a wintel box and grabbing the NetBIOS names.

Because of the truly fraudulent nature of this activity, I urge all webmasters to check their logs for accesses from this IP and to enact measures to prevent further access from this company until they:

  • Properly reverse-map the IP addresses they use for their information-gathering activities.
  • Change the USER_AGENT to properly identify themselves in log entries and to follow accepted spider protocol.
  • Seek copyright permission prior to the sale of copyrighted material in accordance with the Copyright statutes of the Host nation.

Big Brother is here.

-j
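
An added example, not part of the original post: one way to run the log check the post asks for, summarizing requests from 216.32.64.10 by 404 count, probes of "private/" paths, robots.txt fetches and user agent. It assumes Apache common or combined log format; the sample lines, timestamps and the `summarize` helper are constructed for illustration. Matching the client field exactly avoids counting neighbours such as 216.32.64.101, which a plain substring search would include.

```python
import re
from collections import Counter

# Apache common/combined log line; the referer and user-agent pair is optional.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+(?: "[^"]*" "(?P<agent>[^"]*)")?'
)

def summarize(lines, ip="216.32.64.10"):
    """Summarize requests whose client address is exactly `ip`."""
    report = {"hits": 0, "not_found": 0, "private_probes": [],
              "fetched_robots": False, "agents": Counter()}
    for line in lines:
        m = LOG_RE.match(line)
        if m is None or m.group("host") != ip:
            continue  # unparseable line or a different client
        report["hits"] += 1
        path = m.group("path")
        if m.group("status") == "404":
            report["not_found"] += 1
        if "private/" in path:
            report["private_probes"].append(path)
        if path == "/robots.txt":
            report["fetched_robots"] = True
        report["agents"][m.group("agent") or "-"] += 1
    return report

# Constructed sample log lines (not taken from any real server).
UA = "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
SAMPLE_LOG = [
    f'216.32.64.10 - - [01/Jan/2001:10:00:01 +0000] "GET /robots.txt HTTP/1.0" 200 68 "-" "{UA}"',
    f'216.32.64.10 - - [01/Jan/2001:10:00:02 +0000] "GET /private/ HTTP/1.0" 404 210 "-" "{UA}"',
    f'216.32.64.10 - - [01/Jan/2001:10:00:03 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "{UA}"',
    '216.32.64.101 - - [01/Jan/2001:10:00:04 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "Lynx/2.8"',
    f'216.32.64.10 - - [01/Jan/2001:10:00:05 +0000] "GET /private/notes.html HTTP/1.0" 404 210 "-" "{UA}"',
]

if __name__ == "__main__":
    r = summarize(SAMPLE_LOG)
    print(f"hits={r['hits']} 404s={r['not_found']} robots.txt={r['fetched_robots']}")
    print("private/ probes:", r["private_probes"])
    for agent, count in r["agents"].most_common():
        print(f"{count:4d}  {agent}")
```
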



Comments
  1. By louis () louis@spam+eggsdotsignalpath.on.ca on http://www.bertrandtech.on.ca/

    It looks like they learned some manners. They
    visited my site Jan.29 and pulled robots.txt
    but they don't appear to have followed the
    links in the file.

  2. By Anonymous Coward () on

    [root@www /root]# grep -c 216.32.64.10 /var/log/httpd/access*
    /var/log/httpd/access_log:60
    /var/log/httpd/access_log.1:88
    /var/log/httpd/access_log.2:63
    /var/log/httpd/access_log.3:19
    /var/log/httpd/access_log.4:61

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]