[Techtalk] Apache, abuse and nonexistent domains.

Dan Richter daniel.richter at wimba.com
Tue Feb 25 11:47:25 EST 2003


Hi everyone.

Two months ago, someone wrote to LinuxChix because she saw this in her HTTP 
log:

 > 208.3.113.49 - - [17/Dec/2002:04:34:42 +0100] "CONNECT
 > 203.190.194.95:25 HTTP/1.1" 400 379 "-" "-"

This is an attempt to send spam. Many people, notably Mandi, explained how 
to do a whois lookup on the IP address. That was quite helpful.

Now I notice this in my logs:
 > 209.226.104.182 - - [25/Feb/2003:03:02:57 -0500] "CONNECT
 > 209.226.104.182:80 HTTP/1.0" 405 301 "-" "-"

When I follow Mandi's advice, I find that the address is in Bell Canada's 
address space, and a hostname lookup on the offending address shows that it 
belongs to sympatico.ca, which I think is an ISP:
$ host 209.226.104.182
[blah, blah, blah] HSE-MTL-ppp3983.qc.sympatico.ca.

Should I send the complaint to them, or to Bell Canada? Also, what's the 
difference between TechEmail and OrgTechEmail?

I would love to be able to write a Perl script to automatically find the 
appropriate person to e-mail. Is that possible, or are there too many 
different possible cases?

Thanks.

========== Dan Richter ============== mailto:Dan at wimba.com ===========
        He [Bob Dole] fought in Italy, where he suffered
        a serious head injury. Then he went into politics.
                - a poorly worded radio announcement in 1961




More information about the Techtalk mailing list