Anyone know what is going on here?

ecchi · 2012-08-15, 06:20 AM

I created a new domain, with a name that is unlikely to have been used before, over a month ago. I transfered DNS to my server but did bugger all to it, so for over a month it showed the standard "upload your index file..." message and nothing else.

On Sunday I uploaded an unfinished website to it. Today I went back to it to finish it and found the site has had several hits every day starting on Sunday (the day I uploaded it). They all show no referrer, and all 16 pages of the site have been hit several times. Normally I would assume that I got hit by a search engine spider bloody quickly but it keeps returning to look at the same page and (more surprisingly) there are no links to this site anywhere yet, so so I did a reverse DNS lookup. The IP is 82.132.249.191 which resolves to a British ISP, so presumably the searches are coming from a private computer, probably a virus bot. Anyone have any idea what is going on and how the hell they found an unlisted site?

And a further question: I also found an IP that was identified as a Google bot. Considering that there are no links to the site, and the Googlebot hit the day after I uploaded content to the site, how the hell did they find me too?

Thanks

cd34 · 2012-08-15, 12:33 PM

82.132.249.191 looks familiar - probably running ZMeu which scans for vulnerabilities, but, currently doesn't look at domains, they just ping ranges of IPs to see which are active and scan them. They have no idea what the domain is.

Did you use Chrome? did you use Google's public DNS resolvers? Google is also a registrar so that they can get the domain registration data on new domains.

ecchi · 2012-08-16, 03:39 AM

Quote:

Originally Posted by cd34

82.132.249.191 looks familiar - probably running ZMeu which scans for vulnerabilities

Thanks for your help. Fortunately the only script running is a stats program, if he finds a vulnerability in that, all he will find out is that he and Google are my only visitors so far.

Quote:

Originally Posted by cd34

Did you use Chrome? did you use Google's public DNS resolvers?

No, but your answer reminded me that I do use the Google toolbar, so I guess that may have reported my own visits to the site, thanks.

2012-08-15, 06:20 AM	#1
ecchi Banned Join Date: Oct 2003 Location: About to be evicted!!!! Posts: 4,082	Anyone know what is going on here? I created a new domain, with a name that is unlikely to have been used before, over a month ago. I transfered DNS to my server but did bugger all to it, so for over a month it showed the standard "upload your index file..." message and nothing else. On Sunday I uploaded an unfinished website to it. Today I went back to it to finish it and found the site has had several hits every day starting on Sunday (the day I uploaded it). They all show no referrer, and all 16 pages of the site have been hit several times. Normally I would assume that I got hit by a search engine spider bloody quickly but it keeps returning to look at the same page and (more surprisingly) there are no links to this site anywhere yet, so so I did a reverse DNS lookup. The IP is 82.132.249.191 which resolves to a British ISP, so presumably the searches are coming from a private computer, probably a virus bot. Anyone have any idea what is going on and how the hell they found an unlisted site? And a further question: I also found an IP that was identified as a Google bot. Considering that there are no links to the site, and the Googlebot hit the day after I uploaded content to the site, how the hell did they find me too? Thanks

2012-08-15, 12:33 PM	#2
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	82.132.249.191 looks familiar - probably running ZMeu which scans for vulnerabilities, but, currently doesn't look at domains, they just ping ranges of IPs to see which are active and scan them. They have no idea what the domain is. Did you use Chrome? did you use Google's public DNS resolvers? Google is also a registrar so that they can get the domain registration data on new domains. __________________ SnapReplay.com a different way to share photos - iPhone & Android