Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By eisf on
Has anyone else noticed a rash of "page not found" errors in the Admin log this month? Seems to have started occurring about same time as Spammer attacks. I have gone through the logs to cross-reference and although there appears to be an automated program with random function, I could correlate with times and similar attempts. Specifically:
/inaemailsend-activex/
/cgint.exe/
contenttalk.com/
.b0b.org/hilton/bankok
.les-societes.com/a/
/staubsaugertueten/dokumente/bosch/
/index.html.emerchant.it/catalog/...
/scrapbooking-wholesale/...
/cracked_software_download/BENTLY_MicroSoft...
/steel_buildings/
/tags/Microsoft Partner Program/Resources/
Many of these rotate with the following afterwards:
/user/register
/user/login
/user/password
/forum
/node # (mostly 15, 28, 29, 53 & 54, but b0b.org & contenttalk use many others)
/taxonomy/term/#
Notes:
- The b0b.org seems to have related site yi.org that provides a Dynamic DNS and URL Redirection services.
- Inaemailsend is a product by Inabyte that is a tool for sending email from an Active Server Page.
- Google search indicates cgint.exe is a program that has to do with automated newsletters.
Any information others can provide on this problem and means to combat it would be appreciated.
Comments
Go to user management »
Go to user management » access rules
José San Martin
http://www.chuva-inc.com/
Spam Bot Attack
Sorry, not that familiar with Drupal. I have been able to track Spam Bots attacking our site and have used Access Control - Account Rules to deny email from: %sdial.biz%; %czups.info%; %@homail.com; %@mail.ru; registrator%; %@mail.com; %@mymail.nl
However, the only other choice I have (Drupal version 4.6) is to add rule to deny username that apparently does not block web site offenders.
Lately, the Spam Bot attacks listed in first post have been coming from 64.1.215.165.
How do I block web sites?
TWICELER robot
Discovered that IP address 64.1.215.165 is using an experimental robot called TWICELER. There are many forum posts that TWICELER is a bad-bot coming from multiple sites where it is a bandwidth hog and has incapacitated web sites. Found it does obey blocking with robots.txt, but there is a 7 day delay (cache).
this might help you
this might help you http://drupal.org/node/310