I was looking at some back end data and found out that lately there's been some fishy searching going on. If anyone has a clue what the idea behind this is, or recognizes the IPs listed, by all means, leave me a comment!

Search: query for 'marketing' - - 41 minutes ago
Search: query for ' front 242' - - 1 hour ago
Search: query for 'domains' - - 6 hours ago
Search: query for 'books' - - 12 hours ago
Search: query for 'legal' - - 18 hours ago
Search: query for 'privacy' - - 20 hours ago
Search: query for 'traffic' - - 23 hours ago
Search: query for 'shopping' - - 1 day ago
Search: query for 'linux' - - 1 day ago
Search: query for 'blog' - - 1 day ago
Search: query for 'friends' - - 1 day ago
Search: query for 'legal' - - 2 days ago
Search: query for 'world' - - 2 days ago
Search: query for 'politics' - - 2 days ago
Search: query for 'life' - - 2 days ago

I'm not so much surprised by the actual searches and terms, because most of those are valid tags or categories on the blog. What is more striking is the fact that there are three searches in a short period of time, then it stops and it starts again later. Some IPs return quite a few times too. I've run some through a series of tools and one IP address is assigned to a German provider, one is coming from Sweden but - and here it becomes interesting - 5 IP addresses are linked to ISP Neostrada Plus (Krakow, Poland) with another one coming from the Lerkins Group, also based in Krakow, Poland.

It would be most safe to disregard the Swedish search entry, as it is not a category or regular tag search, nor does it fit the pattern the other searches share. I just included it to be as complete as possible.

The sudden attention from Poland for this blog seems a little odd, wouldn't you say? I looked around on the Lerkins Group site and apparently they provide Security Audit and Consultancy services. Is someone profiling me? Are they just interested in what I have to write here? Is a Lerkins admin catching up on all my posts and once work is done, does some more checking from home? Who knows...

I'm gonna take a look in some other log files to dig a bit deeper. Should I find anything out of the ordinary, I'll report back.

Note: while checking the last 300 lines in the log file, I noticed some IP addresses that belong to comment spammers, so those are now banned.


Good luck, Sherlock!

Say, Insanity, when are you going to spring into action?
You seem to be carrying on just like Beau (my new blog crush). But it looks like you could use some excitement in your life too :-)

Hey, tracking IP addresses is exciting too, you know ;-)

But uh... you're right. I hereby launch a call to find an exciting sweetheart, lol.


About this Entry

This page contains a single entry by ServMe published on September 7, 2008 9:01 AM.
