plog trackspam 記錄

edited 十一月 -1 in 個人資訊管理
在 plog 中裝了這個外掛:
http://wiki.plogworld.org.tw/index.php/PLog_1.0/Plugins/validatetrackback

雖然 trackback spam 減少了,但還是無法完全根除,因此在運作機制中安插了一個紀錄,看看他們是透過什麼樣的方式發送廣告;剛剛發現有五筆資料進入,其中兩筆資料逃過了驗證機制,而五筆資料都是來自不同的 IP ,因此猜想這是不是某個小程式中的後門程式作祟,下面是這五筆資料的摘要:

1.
    [_url] => http:// www . lepcart . com / texas-hold-em.html
[_title] => online texas hold\'em
[_articleId] => 39
[_excerpt] => Check these: party poker rag texas hold em .
[_blogName] => online texas hold\'em
[_date] => 20051101084415
[CONTENT_LENGTH] => 342
[CONTENT_TYPE] => application/x-www-form-urlencoded
[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
[REMOTE_ADDR] => 202.67.148.122
[REMOTE_PORT] => 4048
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.0
[REQUEST_METHOD] => POST
[QUERY_STRING] => id=39


2.

[_url] => http:// www . rhodashomes . com / play-blackjack.html
[_title] => play blackjack for fun
[_articleId] => 60
[_excerpt] => Check these: cash play blackjack blackjack online .
[_blogName] => play blackjack for fun
[_date] => 20051101081648
[CONTENT_LENGTH] => 368
[CONTENT_TYPE] => application/x-www-form-urlencoded
[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
[HTTP_VIA] => 1.1 Proxy2 (NetCache NetApp/5.6.1)
[HTTP_X_FORWARDED_FOR] => 85.187.163.55
[REMOTE_ADDR] => 200.219.184.81
[REMOTE_PORT] => 6736
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => POST
[QUERY_STRING] => id=60


3.

[_url] => http:// www . rhodashomes . com / play-blackjack.html
[_title] => play blackjack for fun
[_articleId] => 36
[_excerpt] => Check these: blackjack online jam play blackjack .
[_blogName] => play blackjack for fun
[_date] => 20051101081316
[CONTENT_LENGTH] => 367
[CONTENT_TYPE] => application/x-www-form-urlencoded
[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
[REMOTE_ADDR] => 66.210.239.34
[REMOTE_PORT] => 2688
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.0
[REQUEST_METHOD] => POST
[QUERY_STRING] => id=36


4.

[_url] => http:// www . lepcart . com / texas-hold-em.html
[_title] => texas hold\'em poker
[_articleId] => 68
[_excerpt] => Check these: party poker texas hold em .
[_blogName] => texas hold\'em poker
[_date] => 20051101080408
[CONTENT_LENGTH] => 336
[CONTENT_TYPE] => application/x-www-form-urlencoded
[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
[REMOTE_ADDR] => 219.14.144.3
[REMOTE_PORT] => 3427
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.0
[REQUEST_METHOD] => POST
[QUERY_STRING] => id=68


5.

[_url] => http:// www . lepcart . com / texas-hold-em.html
[_title] => texas hold\'em game
[_articleId] => 35
[_excerpt] => Check these: texas hold em party poker .
[_blogName] => texas hold\'em game
[_date] => 20051101080003
[CONTENT_LENGTH] => 334
[CONTENT_TYPE] => application/x-www-form-urlencoded
[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
[REMOTE_ADDR] => 69.11.157.46
[REMOTE_PORT] => 4711
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.0
[REQUEST_METHOD] => POST
[QUERY_STRING] => id=35


現在沒空,所以只能消極的在看到紀錄時砍資料,先貼著,等有空再來研究吧。

原始討論: http://twpug.net/x/modules/newbb/viewtopic.php?topic_id=971

評論

  • edited 十一月 2005
    我調整了程式,累積了一點記錄,提供給有興趣的朋友當作阻擋的參考

    ├002┤
Sign In or Register to comment.