Web Servers General Talk - Requests for "torrents" related pages on port 80 - Exploit?

This is Interesting: Free IT Magazines  
Home > Archive > Web Servers General Talk > June 2006 > Requests for "torrents" related pages on port 80 - Exploit?





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Requests for "torrents" related pages on port 80 - Exploit?
D. Stussy

2006-06-12, 1:38 am

For some reason, my web server is getting alot of requests for resources that
have to do with "torrents." How can I stop this? That machine has never, nor
any on its physical network, participated in any peer-to-peer file sharing
scheme or protocol.

Example request: GET /suprnova//torrents/1403/....

Is this a virus attack that is seeking to exploit some torrent software? If
so, then why is it on port 80 instead of 6883 (I think that's the torrent
port)?

These requests are coming in from different IP addresses (obviously not
on the same network), so I can't use that to block them. My server is
"410"-ing the requests with the double-slashes and "404"-ing the rest, so I
know that it's not compromised, but it's starting to get annoying, and if I let
it continue, it may grow into a DOS attack.

Does anyone know what's going on? A google-search for "suprnova torrents"
didn't help (and mainly returned articles about the demise of suprnova.org).
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com