RE: Odd question on DNS/domain name stuff...

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMJames Finstrom at <-
M.MJoseph Sinclair at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Bob Elzer
Date:  
To: 'Main PLUG discussion list'
Subject: RE: Odd question on DNS/domain name stuff...
What logs are you looking at ? Is this Apache I assume ?

The IP address of the incoming connection should be in the log files

/var/log/httpd/access_log (for centos)

Is he looking at a summarized log file maybe like webalizer ? I believe that
converts the ip's to their dns names.

So look in the raw log file.


> -----Original Message-----
> From:
> [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On
> Behalf Of Jim March
> Sent: Monday, July 13, 2009 6:21 PM
> To: Main PLUG discussion list
> Subject: Odd question on DNS/domain name stuff...
>
> Folks,
>
> I have a friend who runs a website. Every night he looks at
> the logs and checks to see where people are linking in from -
> usually discussion forums.
>
> He's got a regular trickle of incoming from a website that
> doesn't seem to exist:
>
> http://www.alchemistsrroom.us
>
> Drop one "r" from "rroom" and you do get a valid site, but it
> involves aromatherapy. His site relates to a high-end
> handgun sight...that would be an odd linkage.
>
> Something else: I didn't know this, but people who mess
> around with homebrew explosives call themselves "alchemists",
> so there's obviously more of a cross-linked interest THERE
> than with aromatherapy.
>
> I've run "whois" searches on "alchemistsrroom.us" plus tried
> to go to the .com, .net, .org, .edu and even .gov versions of
> the same thing.
>
> So...first question is, why is this guy's server logs telling
> him links are coming in from a non-existent address?
>
> Possibly related question: is there a way to mask
> alchemistsrroom.us somehow, possibly by running a non-standard port
> (http://alchemistsrroom.us:8081 or something?) If so, can we
> find it, and possibly locate an underground bomb-maker's
> forum or something?
>
> :)
>
> Jim
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-RE: OT: Shirts!Re: OT: Shirts!->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)