Geek Bazaar

mystery apache log entry

Posted in the net by sandro on the November 29th, 2007

Apache server has been getting flooded with these entries:

60.12.136.66 - - [29/Nov/2007:12:21:35 +0100] “GET / HTTP/1.1″ 200 516 “10.101.4.58:15871/cgi-bin/blockpage.cgi?ws-session=1752192366″ “*WAPT 4.0*”

60.12.136.66 - that’s registered in China Beijing
blockpage.cgi - that’s WebSense (web site filtering / censor product)
WAPT - a load and stress testing tool for websites and web-based applications.

any ideas?

 

5 Responses to 'mystery apache log entry'

Subscribe to comments with RSS or TrackBack to 'mystery apache log entry'.

  1. miro said,

    on November 30th, 2007 at 11:37 am

    ugh, you got me confused at first :)
    I guess 60.12.136.66 is a gateway for a WebSense proxy on 10.101.4.58:15871, and WAPT is spidering from that intranet…

  2. sandro said,

    on November 30th, 2007 at 11:57 am

    yep .. and i guess my site is being referenced (maybe an img src pointing to the site) from a blocked site. but the referer is malformed (no http:// ..probably WAPT uses malformed referers). And if it is blocked .. does it mean that their websense blocking template is refering my site? :D

  3. bunnie said,

    on December 6th, 2007 at 8:37 pm

    My site is being spammed with the same queries:

    60.12.136.66 - - [01/Dec/2007:23:41:05 -0500] “GET / HTTP/1.1″ 200 89
    4.58:15871/cgi-bin/blockpage.cgi?ws-session=1534106343″ “*WAPT 4.0*”
    60.12.136.66 - - [29/Nov/2007:20:20:19 -0500] “GET / HTTP/1.1″ 200 12973 “nostarch.com/” “*WAPT 4.0*”
    60.12.136.66 - - [29/Nov/2007:20:19:16 -0500] “GET / HTTP/1.1″ 200 8910 “www.secureroot.com/” “*WAPT 4.0*”

    The IP address seems to be registered to someone around Hangzhou University, in China.

    If you find out anything new, would be interested in hearing about it.

  4. bunnie said,

    on December 6th, 2007 at 8:43 pm

    Actually, plugging 60.12.136.66 into google reveals that a lot of websites get hit by it. It’s probably a web crawler/search engine in China, or it’s one of those big boxes that is used to filter the traffic going into and out of China.

  5. sandro said,

    on December 6th, 2007 at 9:00 pm

    that sounds like a fair suggestion to me.

    looks like at least one of the products or technologies being used in China sensorship is made by Websense

    Some interesting news:
    http://www.networkworld.com/news/2002/1202china.html
    http://www.chinatechnews.com/2007/04/16/5255-websense-to-boost-internet-security-in-china/

Leave a Reply