Disturbing Stuff and Other Stuff :)

My blog started 17 October 2004. That is five years ago almost. I’ve never restricted access to my blog. Until today. There has been some very unusual activity coming from a very specific IP address. That IP address has been blocked. I won’t share the IP but I’m sure the person will figure out he/she has been blocked and perhaps contact me to ask why. I don’t care who reads my blog, but I dislike people sneaking about. The IP address resolves to two separate places depending which IP lookup service you use. I run three site analysis programs and they let me know the IP of my visitors, how they got here, how long they’re here, what pages they look at, and all sorts of information about their computer system. The logs time stamp everything and everything always matches. Always. For a while I’ve been noticing an anomaly with this one IP. And because I don’t like unanswered questions such as this, I’ve solved it by locking that IP out until I have answers.

For example this sample address cpe-67-240-111-111.rochester.res.rr.com will show you what I mean. That IP should match the actual IP it came from, or at least the first three pairs. If not, there’s either deliberate spoofing or some other re-direct going on. I’ve altered the IP address to respect my visitor’s privacy. In the case of the one above it matches. It’s an account belonging to RoadRunner in Rochester, NY.  Sometimes the match will be close — for example my IP often shows up as Kendall, North Miami, Fort Lauderdale, and so on depending where my DSL connection is routed. However, if a visitor shows as belonging to, say, RoadRunner, and the IP belongs to, say, a military base in Arizona, there’s a serious problem. I get plenty of visitors from .mil and .gov addresses and none of them are spoofed. I get plenty of visitors from all manner of ISPs and none of them are spoofed. I even get visitors from proxy-servers and they aren’t spoofed either — they conceal the real visitor, not the fact it’s from a proxy-server company. When I grew suspicious, I tagged the IP as “Suspicious Visitor” so I knew what they were doing. 47 visits, and every one from the same IP and every one follows the same pattern.

In other news, special thank you to Randy and Jose who helped me with a site problem which had me completely baffled. We never did get it resolved until the hosting company finally called me. Yeah, DreamHost called me. And I want to thank Jeremy T at DreamHost for helping me resolve this silly issue — a very small configuration error. For those of you who were unable to access darsys.net or darsys.com for the past 24 hours, I apologize. You may have to clear your cache if you continue to get a configuration error. It’s amazing how a file that is 158 bytes long can cause so much trouble, hair pulling, and screaming.

I went to the dentist today for my root canal. I am pleased to report I didn’t have to have one. The wayward filling was replaced because it was cracked. If it’s not hurting Monday, I’m home free. Otherwise, it’s the root canal. Maybe I’ll get lucky with this. The Nucor fight is escalating. I’ve heard from more executives at companies in our industry and am volunteering my time to help any of the companies organize their campaigns. I’ve also been in contact with a number of my Chinese and Taiwanese counterparts. It’ll all be interesting as the ITC has really put this on a very fast track — something I hope our industry can derail. (See previous posts here and the corporate FaceBook page. Keep in mind posts here are my personal opinions and may not always reflect our company’s official position.)

Leave a Reply