Posts Tagged ‘ip address’

GrabPERF: Remote Agent Script Ready…I think

August 5th, 2005 by smp | Comments | Filed in GrabPERF

Well, due to the paranoid 1d10ts who run my work network, I can’t test the remote script from my work linux machine. I have one beta tester and need some others to ensure that it works.

Again, what you need on your linux machine:

  • cURL (compiled from source or with the devel packages)
  • MySQL client and devel packages
  • Time::CTime for PERL
  • A static external IP address so I can allow you to access the backend systems through my firewall

I am ready; sign up now!



GrabPERF: Looking for a few foolish….errr, brave souls

August 4th, 2005 by smp | Comments | Filed in GrabPERF

I am looking to implement some new GrabPERF features in the next few days (I still have some vacation left!), and I need some volunteers to help me out.

WHAT YOU NEED

  1. A linux machine with the MySQL and cURL development libraries installed
  2. A static IP address (even a static external NAT IP is ok)
  3. The ability to do some basic configuration
  4. The ability to set up CRON jobs
  5. The ability to install PERL modules

Drop me a comment and I will fill you in.



Staying with Comcast

July 1st, 2005 by smp | Comments | Filed in smp

Tried to set up Verizon DSL last night. Didn’t work; rotating IP addresses; a variety of line related issues. Cancelled the service this morning.

Sorry for any interruptions you may have encountered last night.


Dave Winer Edited out of Podcasting History

June 11th, 2005 by smp | Comments | Filed in smp

Dave Winer: Expunged. Want to know when and who?

With Dave

Without Dave

If the timestamps on Wikipedia are correct, around 06:00 GMT May 23, 2005, Dave Winer was expunged from the history of Podcasting.

Offending IP address: 68.174.103.8. A RoadRunner IP.



GrabIP Back Up…BUT…

May 5th, 2005 by smp | Comments | Filed in smp

GrabIP is back up. YAY!

However, I have limited the number of queries per IP address per 24-hour period to 5. BOO!

Subscription service coming soon…unlimited lookups! YAY!


Interesting StatCounter “Feature”

May 4th, 2005 by smp | Comments | Filed in smp

I use StatCounter to track the visits to a few of my Web sites. Lately I have discovered a number of visitors that are logged as coming from Private IP Space addresses (10.0.0.0/8, etc.).

I know what’s happening here. These folks are behind proxy servers. When they request the StatCounter object, it is actually requested from the proxy server, which then logs their Private IP address, not the one on the external interface of their proxy server.

I also examine my Apache logs and can easily correlate these visitors to their external IP addresses.

A weird “feature”, but kind of cool, except if you are the security admin for these networks.


Apache and mod_rewrite: More Zombified Idiots Dispatched

May 2nd, 2005 by smp | Comments | Filed in smp

I have been seeing a large number of hits with the following User-Agent string in my logs lately:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7

  1. Firebird hasn’t existed as a browser for a very long time
  2. A build date of October 7, 2003???
  3. From 3 separate IP Addresses

This Apache REWRITE rule took care of this issue.

RewriteCond %{HTTP_USER_AGENT} .*Gecko\/20031007.*
RewriteRule ^.*$ http://www.pierzchala.com:9080/ [R,L,NS]

Try the URL…it points to this iptables rule.

/sbin/iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 9080 -j DROP

I love Linux!


Stupid GrabIP Bug

March 25th, 2005 by smp | Comments | Filed in smp

Found a stupid GrabIP bug last night. When I clicked on one of the IP addresses in my log analysis system, it showed that the visitor was from Nigeria, then threw an error when the WHOIS attempted to get more information.

I realized that I did not have the code to handle the AFRINIC Registry in my tool. DOH! A simple fix and everything is good.


Blocking Anonymizer Hits

March 11th, 2005 by smp | Comments | Filed in smp

Someone has been abusing the Anonymizer system and hammering my system. Again, IPTABLES is my friend.

/sbin/iptables -A INPUT -s 168.143.113.125 -j DROP

This IP Address points to vortex.anonymizer.com.

dig -x 168.143.113.125

; <<>> DiG 9.3.0 <<>> -x 168.143.113.125
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52723
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;125.113.143.168.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
125.113.143.168.in-addr.arpa. 10800 IN  PTR     vortex.anonymizer.com.

;; AUTHORITY SECTION:
113.143.168.in-addr.arpa. 10800 IN      NS      ns1.infonex.net.
113.143.168.in-addr.arpa. 10800 IN      NS      ns2.infonex.net.

;; ADDITIONAL SECTION:
ns1.infonex.net.        172693  IN      A       168.143.113.201
ns2.infonex.net.        172693  IN      A       168.143.113.202

If someone at Anonymizer can bring these requests under control, I will turn the access back on.


Bots from hell, and a plea for a free-to-use public “DROP” Port

March 9th, 2005 by smp | Comments | Filed in smp

There is some idiot out there running a bot/attack protocol using a referring URL that always ends with ‘.eu.tt’.

Turns out that there was more than one IP involved. IPTABLES took care of them.

/sbin/iptables -A INPUT -s 200.123.9.119 -j DROP
/sbin/iptables -A INPUT -s 195.54.87.222 -j DROP
/sbin/iptables -A INPUT -s 194.47.95.115 -j DROP
/sbin/iptables -A INPUT -s 198.234.202.130 -j DROP
/sbin/iptables -A INPUT -s 198.234.202.131 -j DROP

Please use DROP. This stalls the buggers, as they get stuck in an endless trap of trying to open a TCP connection with your server.

Does anyone know of a server that has an open DROP rule for Port 80? This would be a useful online tool for folks who can re-direct annoying traffic through server configs, but who can’t control the firewall or IPTABLES.

Simple set-up. Get a domain, register it. Get a DNS record to say that www.foobar.com is the machine’s IP Address. Then use IPTABLES to DROP all Port 80 inbound traffic. Publish the URL. Watch the fun!

What’s the fun? Well, you publish the address and explain that anyone can use targeted re-directions to send unwanted traffic to this place of lost TCP connections, and annoying bots get stuck.

It’s a simple IPTABLES rule. For my machine, it would be:

/sbin/iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 80 -j DROP

Which, in IPTABLES speak, means “Any [-s 0/0] inbound traffic on network interface eth0 [-i eth0], headed for TCP port 80 [--dport 80], should be quietly dropped [-j DROP]”.

Please do not try this on a production server! All of your HTTP traffic will disappear! However, you could re-write it slightly and still preserve port 80 for standard HTTP, such as statistics on the distinct IPs stuck in your flypaper.

Change ‘http://www.foobar.com/’ to ‘http://www.foobar.com:9080/’ and adjust the IPTABLES rule accordingly.

/sbin/iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 9080 -j DROP

Ok, my rant is done. Have fun, and use these tools wisely.
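Added example (not code from the original posts): a Python log triage that looks for the two signatures these posts describe, the Gecko/20031007 User-Agent from the mod_rewrite post and referrers on ‘.eu.tt’ hosts, in Apache combined-format lines and renders DROP rules in the form used above. The sample log lines, the documentation-range addresses, the two-hit threshold and all function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
                      r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')
STALE_BUILD = "Gecko/20031007"   # build date quoted in the mod_rewrite post
EU_TT = re.compile(r"^https?://[^/:]*\.eu\.tt\.?(?:[:/]|$)", re.I)  # referrer host under .eu.tt

def classify(line):
    """Return (ip, reason) when a log line matches either signature, else None."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    try:
        ipaddress.ip_address(m["ip"])   # never hand a non-address to a firewall command
    except ValueError:
        return None
    if STALE_BUILD in m["agent"]:
        return m["ip"], "stale-user-agent"
    if EU_TT.match(m["referer"]):
        return m["ip"], "eu.tt-referrer"
    return None

def triage(lines, min_hits=2):
    """Map each flagged source IP to (hit count, reasons); min_hits is an assumed threshold."""
    hits, reasons = Counter(), {}
    for ip, reason in filter(None, map(classify, lines)):
        hits[ip] += 1
        reasons.setdefault(ip, set()).add(reason)
    return {ip: (n, sorted(reasons[ip])) for ip, n in hits.items() if n >= min_hits}

def drop_rules(report):  # one rule per flagged address, same form as the rules in the posts
    return [f"/sbin/iptables -A INPUT -s {ip} -j DROP" for ip in sorted(report)]

# Constructed sample data (documentation address ranges), not taken from the author's logs.
UA_OLD = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7"
UA_OK = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
LINE = '{} - - [02/May/2005:10:00:00 -0400] "GET / HTTP/1.1" 200 512 "{}" "{}"'
SAMPLE_LOG = [
    LINE.format("192.0.2.10", "-", UA_OLD), LINE.format("192.0.2.10", "-", UA_OLD),
    LINE.format("198.51.100.7", "http://example.eu.tt", UA_OK),
    LINE.format("198.51.100.7", "http://other.eu.tt/", UA_OK),
    LINE.format("203.0.113.5", "http://www.example.com/", UA_OK),   # ordinary visitor
    LINE.format("203.0.113.9", "-", UA_OLD),                        # one hit, below threshold
]

if __name__ == "__main__":
    print("\n".join(drop_rules(triage(SAMPLE_LOG))))
```

Review the printed rules before applying them: a User-Agent or referrer string is chosen by the client, so a match says what the request claimed, not who sent it.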
