Jan 26 2004

Bye, bye nonymouse.com – thanks to the losers at airengiadina.ch

Thanks to those losers at airengiadina.ch the anonymous proxy at http://www.nonymouse.com/ has been banned entirely from my web-server. It started when some loser tried to post a comment to every single entry on my blog. Here are the relevant lines from the access_log file:

66.36.249.149 – – [26/Jan/2004:12:35:12 -0700] “GET /blog/archives/000001.html HTTP/1.0” 200 7761 “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:17 -0700] “GET /blog/archives/000001.html HTTP/1.0” 200 7761 “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:22 -0700] “POST /blog/mt-comments.cgi HTTP/1.0” 200 2159 “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:24 -0700] “GET /blog/archives/000002.html HTTP/1.0” 200 7556 “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:27 -0700] “POST /blog/mt-comments.cgi HTTP/1.0” 200 2159 “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:30 -0700] “GET /blog/archives/000003.html HTTP/1.0” 200 7391 “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:34 -0700] “POST /blog/mt-comments.cgi HTTP/1.0” 200 2159 “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:37 -0700] “GET /blog/archives/000004.html HTTP/1.0” 200 7618 “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:42 -0700] “POST /blog/mt-comments.cgi HTTP/1.0” 200 2159 “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:46 -0700] “GET /blog/archives/000005.html HTTP/1.0” 200 7908 “-” “http://@nonymouse.com/ (Unix)”

I happened to have a terminal window open which showed the lines go by. So I go quickly to my control center (see the entry Making it fun to fight blog spammers) and hit the “Deny all future access” link for ip-address 66.36.249.149.

What follows in the access_log is an almost endless list of attempts to download other blog-entries (even ones that don’t exist):

66.36.249.149 – – [26/Jan/2004:12:35:52 -0700] “POST /blog/mt-comments.cgi HTTP/1.0” 403 – “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:55 -0700] “GET /blog/archives/000006.html HTTP/1.0” 403 – “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:35:57 -0700] “GET /blog/archives/000007.html HTTP/1.0” 403 – “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:36:00 -0700] “GET /blog/archives/000008.html HTTP/1.0” 403 – “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:36:06 -0700] “GET /blog/archives/000009.html HTTP/1.0” 403 – “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:36:09 -0700] “GET /blog/archives/000010.html HTTP/1.0” 403 – “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:36:12 -0700] “GET /blog/archives/000011.html HTTP/1.0” 403 – “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:36:15 -0700] “GET /blog/archives/000012.html HTTP/1.0” 403 – “-” “http://@nonymouse.com/ (Unix)”
66.36.249.149 – – [26/Jan/2004:12:36:18 -0700] “GET /blog/archives/000013.html HTTP/1.0” 403 – “-” “http://@nonymouse.com/ (Unix)”

The 403 means that they received an “Access Denied” error message, instead of the page content.

Funny enough, I can also see that those guys were not successful at posting comments to my server, thanks to the Moveable Type Blacklist Plugin (see Jay Allen’s page at http://www.jayallen.org/projects/mt-blacklist/).

mysql> select log_id,log_message,log_ip from mt_log order by log_created_on desc limit 4;
+——–+————————————————————–+—————+
| log_id | log_message | log_ip |
+——–+————————————————————–+—————+
| 139 | MT-Blacklist comment denial on KahunaBurger: airengiadina.ch | 66.36.249.149 |
| 138 | MT-Blacklist comment denial on KahunaBurger: airengiadina.ch | 66.36.249.149 |
| 137 | MT-Blacklist comment denial on KahunaBurger: airengiadina.ch | 66.36.249.149 |
| 136 | MT-Blacklist comment denial on KahunaBurger: airengiadina.ch | 66.36.249.149 |
+——–+————————————————————–+—————+

Losers, be gone …

3 Responses to “Bye, bye nonymouse.com – thanks to the losers at airengiadina.ch”