Monday, January 02, 2006

 

Bizarre Mailto Access

[Image: mailtofrog.gif]

I've found some weird mailto accesses; I don't know what they are doing. There have been 11 of them since 16 Dec 2005, with 10 of them from 27-30 Dec 2005.

A mailto URL is not supposed to access the server; rather, it should fire up your email client. Spiders should know not to try.

These all seem to be taken wholly from the mailto links, my own and those of a handful of commenters. Here is an example, one with my address:

66.252.133.170 - - [30/Dec/2005:13:30:56 -0800] "GET /archives/2005/12/mailto%26#58;therobotvegetable@middle-fork.org HTTP/1.0" 404 294 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

I think this is a broken spider, except that these are the only lines from this IP address. A spider would be walking all over my site. I checked dropping the last number from the IP to see if it was working through a list, but this isn't the case.
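One way to pull such requests out of an access log and check whether each client fetched anything else, as an added example that is not part of the original post. It assumes Apache combined log format; the function names are hypothetical, and the 192.0.2.x lines and example.org address are constructed sample data.

```python
import re
from collections import defaultdict
from html import unescape
from urllib.parse import unquote

# Assumption: Apache combined log format, ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" \d{3} ')

# First line is the entry quoted in the post; the rest are constructed sample data.
SAMPLE = [
    '66.252.133.170 - - [30/Dec/2005:13:30:56 -0800] "GET /archives/2005/12/'
    'mailto%26#58;therobotvegetable@middle-fork.org HTTP/1.0" 404 294 "-" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"',
    '192.0.2.10 - - [30/Dec/2005:14:00:01 -0800] "GET /index.html HTTP/1.0" 200 5120 "-" "ExampleBot/1.0"',
    '192.0.2.10 - - [30/Dec/2005:14:00:02 -0800] "GET /archives/2005/12/'
    'mailto:commenter@example.org HTTP/1.0" 404 294 "-" "ExampleBot/1.0"',
    '192.0.2.10 - - [30/Dec/2005:14:00:03 -0800] "GET /archives/2005/12/ HTTP/1.0" 200 8192 "-" "ExampleBot/1.0"',
    '192.0.2.20 - - [30/Dec/2005:15:10:00 -0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def mailto_target(path):
    """Return the address of a mailto link requested as a path, or None."""
    # %26 is a percent-encoded "&", so "%26#58;" is the HTML entity "&#58;" (a colon).
    # Undo the percent-encoding first, then the entity, to recover "mailto:".
    decoded = unescape(unquote(path))
    m = re.search(r'mailto:([^/?\s]+)', decoded, re.IGNORECASE)
    return m.group(1) if m else None

def analyze(lines):
    """Per client IP with a mailto request: addresses requested and count of other hits."""
    by_ip = defaultdict(lambda: {"mailto": [], "other": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        addr = mailto_target(m["path"])
        if addr:
            by_ip[m["ip"]]["mailto"].append(addr)
        else:
            by_ip[m["ip"]]["other"] += 1
    # Clients with "other" == 0 requested nothing but mailto links.
    return {ip: hits for ip, hits in by_ip.items() if hits["mailto"]}

if __name__ == "__main__":
    for ip, hits in analyze(SAMPLE).items():
        kind = "mailto only" if hits["other"] == 0 else "also fetched pages"
        print(ip, kind, hits["mailto"])
```
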

Looking into the IP:


therobotvegetable@hosting ~ $ dig 66.252.133.170

; <<>> DiG 9.2.3 <<>> 66.252.133.170
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28828
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;66.252.133.170. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2006010201 1800 900 604800 86400

;; Query time: 28 msec
;; SERVER: 65.197.143.152#53(65.197.143.152)
;; WHEN: Mon Jan 2 18:26:51 2006
;; MSG SIZE rcvd: 107


...which doesn't reveal much. The IP resolves to a website w/ an Under Construction notice. I've tried a few standard pages and got 404ed. Telnet to the email port gets rejected.

So, I'm clueless about why these accesses are attempted.


Colophon: This image was created for this post and is not hotlinked.
