Odd question on DNS/domain name stuff...
Bob Elzer
bob.elzer at gmail.com
Mon Jul 13 19:49:47 MST 2009
What logs are you looking at ? Is this Apache I assume ?
The IP address of the incoming connection should be in the log files
/var/log/httpd/access_log (for centos)
Is he looking at a summarized log file maybe like webalizer ? I believe that
converts the ip's to their dns names.
So look in the raw log file.
> -----Original Message-----
> From: plug-discuss-bounces at lists.plug.phoenix.az.us
> [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On
> Behalf Of Jim March
> Sent: Monday, July 13, 2009 6:21 PM
> To: Main PLUG discussion list
> Subject: Odd question on DNS/domain name stuff...
>
> Folks,
>
> I have a friend who runs a website. Every night he looks at
> the logs and checks to see where people are linking in from -
> usually discussion forums.
>
> He's got a regular trickle of incoming from a website that
> doesn't seem to exist:
>
> http://www.alchemistsrroom.us
>
> Drop one "r" from "rroom" and you do get a valid site, but it
> involves aromatherapy. His site relates to a high-end
> handgun sight...that would be an odd linkage.
>
> Something else: I didn't know this, but people who mess
> around with homebrew explosives call themselves "alchemists",
> so there's obviously more of a cross-linked interest THERE
> than with aromatherapy.
>
> I've run "whois" searches on "alchemistsrroom.us" plus tried
> to go to the .com, .net, .org, .edu and even .gov versions of
> the same thing.
>
> So...first question is, why is this guy's server logs telling
> him links are coming in from a non-existent address?
>
> Possibly related question: is there a way to mask
> alchemistsrroom.us somehow, possibly by running a non-standard port
> (http://alchemistsrroom.us:8081 or something?) If so, can we
> find it, and possibly locate an underground bomb-maker's
> forum or something?
>
> :)
>
> Jim
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
More information about the PLUG-discuss
mailing list