Open Proxy Abusers - tuesday 2005-03-01 0600 last modified 2005-03-01 1716
Categories: Nerdy

Between June, 2004, and the middle of January, 2005, I had our server mistakenly configured to act as an open proxy. Various domains were made victim:

andersonsrace.org
cbpastors.org
darkclan.net
mitacf.org
ryanlee.org
yopenguin.darkclan.net

1180 separate IPs made use of the open proxy for 180,343 requests totalling 2646900227 bytes (2.47 GB) transferred. I've put together a list of the IPs.

Abusers generally seemed to use the proxy as a method of posting spam to blogs and other comment-able services and as 'unique' hits for increasing their own advertising revenue; of the 180,343 hits, there were 67,977 unique requests to 4,750 valid domains. It is likely these businesses were not aware of the proxy abusers' behavior, and it would probably be far more interesting to see which businesses the requested ads are attached to. The most frequently requested advertising domains, with an approximate hit count (not taking into account possible domain name variations) were:

 971 www.engine54.com
1025 www.blowsearch.com
1164 www.abcsearch.com
1172 t.trafficmp.com
1232 partners.mygeek.com
1322 www.searchyourpockets.com
1422 pagead2.googlesyndication.com
2003 focusin.ads.targetnet.com
2864 www.seek99.com
3448 www.kanoodle.com
4359 oz.valueclick.com
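
Figures like the ones above can be pulled from a web server access log by picking out requests whose target names a foreign host. The following is an added example, not code from the original post; it assumes Common Log Format, uses constructed sample lines and a hypothetical `LOCAL_HOSTS` set, and also counts `CONNECT` tunnels, which the post does not break out:

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Common Log Format (an assumption; the post does not
# say which server or log format produced its numbers).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Oct/2004:03:14:07 -0500] "GET http://ads.example.net/click?id=7 HTTP/1.0" 200 5120
192.0.2.10 - - [12/Oct/2004:03:14:09 -0500] "POST http://blog.example.org/comments.cgi HTTP/1.0" 200 812
198.51.100.4 - - [12/Oct/2004:03:15:00 -0500] "GET /index.html HTTP/1.1" 200 2048
203.0.113.77 - - [12/Oct/2004:03:16:30 -0500] "CONNECT shop.example.com:443 HTTP/1.0" 200 -
203.0.113.77 - - [12/Oct/2004:03:16:41 -0500] "GET http://ads.example.net/click?id=7 HTTP/1.0" 200 5120
198.51.100.4 - - [12/Oct/2004:03:17:02 -0500] "GET http://www.hosted.example/about HTTP/1.1" 200 900
"""

# Hypothetical: names this server legitimately hosts; absolute-URI requests for them are not proxy use.
LOCAL_HOSTS = {"www.hosted.example"}
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} (\d+|-)$')

def summarize_proxy_use(log_text, local_hosts=LOCAL_HOSTS, top=10):
    """Tally requests whose target names a foreign host (proxy-style)."""
    clients, hosts, targets = set(), Counter(), set()
    requests = total_bytes = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                               # not a parsable log line
        ip, method, target, size = m.groups()
        if method.upper() == "CONNECT":            # tunnel: target is host:port
            host = target.rsplit(":", 1)[0]
        elif re.match(r"(?i)https?://", target):   # absolute-form request target
            try:
                host = urlsplit(target).hostname or ""
            except ValueError:                     # malformed URL from a scanner
                host = ""
        else:
            continue                               # origin-form: normal local hit
        host = host.lower()
        if not host or host in local_hosts:
            continue
        clients.add(ip)
        hosts[host] += 1
        targets.add((method, target))
        requests += 1
        total_bytes += 0 if size == "-" else int(size)
    return {"clients": len(clients), "requests": requests,
            "unique_requests": len(targets), "bytes": total_bytes,
            "top_hosts": hosts.most_common(top)}
```
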

Further analysis is entirely possible - one could run the list of IPs through ARIN and its associated IP block assignment agencies to uncover zombied PCs or more insidious or ignorant hosting facilities. The businesses linked to the advertising companies could also be extracted by manual lookup.

If you're interested in pursuing some sort of legal action requiring the evidence I might be able to provide, please contact me; I don't have the time to follow these leads right now.
