I noticed a lot of checks on my websites for "list.txt" in the root of the website. I've tried to find any information on that, but not getting any useful hits.
Does anyone know what checks for this file, why, and what is supposed to be in it?
Checks for "list.txt" on websites - why?
Checks for "list.txt" on websites - why?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
Latitude
Re: Checks for "list.txt" on websites - why?
What do you mean with "the website"? Palemoon.org?Moonchild wrote:I noticed a lot of checks on my websites for "list.txt" in the root of the website.
Are your account hacked? You don't sound like Moonchild at all....
Re: Checks for "list.txt" on websites - why?
What does text sound like?Latitude wrote:Are your account hacked? You don't sound like Moonchild at all....
Anyway, this is a verified post by Moonchild.
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Re: Checks for "list.txt" on websites - why?
I mean all websites I host. "the website in question".Latitude wrote:What do you mean with "the website"? Palemoon.org?
I'm assuming it's a bot of some sort that checks for this file, but I'm having the hardest time finding any sort of information on it.
And yeah rest assured my account has not been hacked
It's me!"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Checks for "list.txt" on websites - why?
All websites? Maybe status monitoring from your VPS provider.
Re: Checks for "list.txt" on websites - why?
I wouldn't rule out some bot looking for a specific vuln. but their info was garbled during translation or misreading of a screenshot, eg. the original might be related to a ???_list.txt.
Re: Checks for "list.txt" on websites - why?
No, that wouldn't make any sense. There's no reason for a VPS provider to make http(s) requests to VMs they employ - status monitoring of the VMs would be done with internal checks.adesh wrote:All websites? Maybe status monitoring from your VPS provider.
I doubt it. the requests are specifically for "list.txt" in the web root, nothing else.satrow wrote:I wouldn't rule out some bot looking for a specific vuln. but their info was garbled during translation or misreading of a screenshot, eg. the original might be related to a ???_list.txt.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Checks for "list.txt" on websites - why?
FTR, here's a log excerpt from the forum. IP addresses from Indonesia, Brazil, Honduras, Bulgaria and Russia. no real rhyme or reason to it far as I can tell.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Checks for "list.txt" on websites - why?
181.47.9.239, AR residential broadband and known proxy server, quite active over the last eight days, including what looks like a CN user several times on the 17th.
I'll try to find some space later to dig for dirt on the others.
I'll try to find some space later to dig for dirt on the others.
Re: Checks for "list.txt" on websites - why?
So, likely checking for compromised servers via proxy?
Maybe I should create a list.txt with false data in it once we know what it's used for
Maybe I should create a list.txt with false data in it once we know what it's used for
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Checks for "list.txt" on websites - why?
Yes, either compromised or open to some recently discovered vuln. is my guess, via a chain of non-Tor proxies to inhibit any track back yet minimise suspicion.Moonchild wrote:So, likely checking for compromised servers via proxy?
-
John connor
Re: Checks for "list.txt" on websites - why?
You might be interested in CIDRAM and Ninjafirewall. I use both and know the CIDRAM author. https://cidram.github.io/
Using these two websites I don't see anything reported.
https://www.abuseipdb.com/
http://www.blocklist.de/en/search.html? ... art+search
What was the user agent for these requests?
Using these two websites I don't see anything reported.
https://www.abuseipdb.com/
http://www.blocklist.de/en/search.html? ... art+search
What was the user agent for these requests?
Re: Checks for "list.txt" on websites - why?
Various, so likely spoofed from a table of known ones. No referrers were sent, either.John connor wrote:What was the user agent for these requests?
193.188.254.67 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
61.7.186.96 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
182.160.124.29 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
212.22.86.114 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
188.211.224.162 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
201.249.88.35 - "Mozilla/5.0 (compatible; Googlebot/2.1;+http://www.google.com/bot.html)"
180.183.104.120 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)"
185.64.220.113 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
182.253.178.194 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50"
193.93.228.209 - "Mozilla/5.0 (Windows NT 5.1; U) Opera 7.54 [ru]"
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Checks for "list.txt" on websites - why?
Excepting the ID IP 36.78.100.89, which might be too new on the scene to be sure of, the IPs are all flagged as static broadband from regular ISPs and proxy servers or network sharing devices.
Re: Checks for "list.txt" on websites - why?
Definitely interesting. Ohwell, I'll just happily serve 404s to them; takes no resources to do so.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
CharmCityCrab
-
CharmCityCrab
Re: Checks for "list.txt" on websites - why?
A lot of the examples of "list.text" I'm seeing from websearchs are associated with torrent and piracy sites. Not sure if that helps or not. I figure it's worth throwing in as a datum point that might be combined with other information that someone comes across later to solve our mystery.
I tend not to want to click on those domains lest I find my computer hijacked to mine bitcoins or something.
But if anyone regularly visits those type of sites anyway and wants to click and see what the lists actually have on them, that might help MoonChild out.
I tend not to want to click on those domains lest I find my computer hijacked to mine bitcoins or something.
But if anyone regularly visits those type of sites anyway and wants to click and see what the lists actually have on them, that might help MoonChild out.-
CharmCityCrab
Re: Checks for "list.txt" on websites - why?
Here's one I found on a reputable site:
https://www.scribd.com/document/359053561/list.txt (redirects to the same URL, but with "list-txt" replacing "list.txt")
What they have on there is kind of interesting...
https://www.scribd.com/document/359053561/list.txt (redirects to the same URL, but with "list-txt" replacing "list.txt")
What they have on there is kind of interesting...
Re: Checks for "list.txt" on websites - why?
I think we might have a winner, good find.CharmCityCrab wrote:Here's one I found on a reputable site:
https://www.scribd.com/document/359053561/list.txt (redirects to the same URL, but with "list-txt" replacing "list.txt")
What they have on there is kind of interesting...
I'll add that one of my checks on those IPs does list brute force attacks but none had been recorded for them.
-
dark_moon
Re: Checks for "list.txt" on websites - why?
I found that, maybe its related too?
"A list of working Pirate Bay proxy sites" (search result from DuckDuckGo)
"A list of working Pirate Bay proxy sites" (search result from DuckDuckGo)