Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tlug] detect fake HTTP referrer



Hi,

My Apache reports that:

xx.xx.xx.xx.broad.fz.fj.dynamic.163data.com.cn - -
[16/Jan/2008:15:58:26 +0900] "GET
/aoc/recs/TheLegionClan_AoC_Pack1_1582_Games.zip HTTP/1.1" 206
306741059 "http://aoclife.ddo.jp/aoc/recs/"; "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.0)

This look quite normal and valid. But in fact I am sure that the referer

"http://aoclife.ddo.jp/aoc/recs/";

is fake because all the accesses to

/aoc/recs/TheLegionClan_AoC_Pack1_1582_Games.zip

are

"http://aoclife.ddo.jp/aoc/recs/";

while

"http://aoclife.ddo.jp/aoc/recs/";

got no referrers !

Total traffic of TheLegionClan_AoC_Pack1_1582_Games.zip is 7.7TB.

I think that some website has put a link to that file, set referrer to

"http://aoclife.ddo.jp/aoc/recs/";

so that the request looks "normal". They are stealing my traffic.

Most of the traffic( IP address ) roots to China.

Anyone has any ideas how to hunt that site down?

-- 
Best Regards,
Nguyen Hung Vu ( Nguyễn Vũ Hưng )
vuhung16plus{remove}@example.com
An inquisitive look at Harajuku
http://www.flickr.com/photos/vuhung/sets/72157600109218238/

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links