What is 'califia.imaginemedia.com' doing in my system???


Post by bha.. » Sun, 21 Jul 2002 01:03:17



Red Hat 7.3, running iptables.

Apache + bind  setup for ad blocking.

This morning I discovered references to 'califia.imaginemedia.com'
splattered over various and sundry areas of my system.  

'califia.imaginemedia.com' is one of the names resolving to
127.0.0.1 in my hosts file.

With no browsers or other net clients running, 'lsof -i'
shows (abbreviated for brevity):

xinetd    21012  root    5u  IPv4 346909       TCP califia.imaginemedia.com:41821 (LISTEN)
named     21034  root    8u  IPv4 347614       UDP *:33445
named     21034  root    9u  IPv4 347610       UDP califia.imaginemedia.com:domain
named     21034  root   10u  IPv4 347611       TCP califia.imaginemedia.com:domain (LISTEN)
named     21034  root   11u  IPv4 347612       UDP penguin:domain
named     21034  root   12u  IPv4 347613       TCP penguin:domain (LISTEN)
named     21034  root   13u  IPv4 347615       TCP califia.imaginemedia.com:rndc (LISTEN)
named     21036  root    8u  IPv4 347614       UDP *:33445
named     21036  root    9u  IPv4 347610       UDP califia.imaginemedia.com:domain
named     21036  root   10u  IPv4 347611       TCP califia.imaginemedia.com:domain (LISTEN)
named     21036  root   11u  IPv4 347612       UDP penguin:domain
named     21036  root   12u  IPv4 347613       TCP penguin:domain (LISTEN)
named     21036  root   13u  IPv4 347615       TCP califia.imaginemedia.com:rndc (LISTEN)
named     21037  root    8u  IPv4 347614       UDP *:33445
named     21037  root    9u  IPv4 347610       UDP califia.imaginemedia.com:domain
named     21037  root   10u  IPv4 347611       TCP califia.imaginemedia.com:domain (LISTEN)
named     21037  root   11u  IPv4 347612       UDP penguin:domain
named     21037  root   12u  IPv4 347613       TCP penguin:domain (LISTEN)
named     21037  root   13u  IPv4 347615       TCP califia.imaginemedia.com:rndc (LISTEN)
named     21038  root    8u  IPv4 347614       UDP *:33445
named     21038  root    9u  IPv4 347610       UDP califia.imaginemedia.com:domain
named     21038  root   10u  IPv4 347611       TCP califia.imaginemedia.com:domain (LISTEN)
named     21038  root   11u  IPv4 347612       UDP penguin:domain
named     21038  root   12u  IPv4 347613       TCP penguin:domain (LISTEN)
named     21038  root   13u  IPv4 347615       TCP califia.imaginemedia.com:rndc (LISTEN)
named     21039  root    8u  IPv4 347614       UDP *:33445
named     21039  root    9u  IPv4 347610       UDP califia.imaginemedia.com:domain
named     21039  root   10u  IPv4 347611       TCP califia.imaginemedia.com:domain (LISTEN)
named     21039  root   11u  IPv4 347612       UDP penguin:domain
named     21039  root   12u  IPv4 347613       TCP penguin:domain (LISTEN)
named     21039  root   13u  IPv4 347615       TCP califia.imaginemedia.com:rndc (LISTEN)
get_time_ 21046 bruce    3u  IPv4 348334       TCP oh-lyndhurst4e-2-147.clvhoh.adelphia.net:41822->64.210.188.11:https (ESTABLISHED)
httpd     21069  root   16u  IPv4 348357       TCP penguin:http (LISTEN)
httpd     21069  root   17u  IPv4 348358       TCP califia.imaginemedia.com:http (LISTEN)
httpd     21072  root   16u  IPv4 348357       TCP penguin:http (LISTEN)
httpd     21072  root   17u  IPv4 348358       TCP califia.imaginemedia.com:http (LISTEN)
httpd     21073  root   16u  IPv4 348357       TCP penguin:http (LISTEN)
httpd     21073  root   17u  IPv4 348358       TCP califia.imaginemedia.com:http (LISTEN)
httpd     21074  root   16u  IPv4 348357       TCP penguin:http (LISTEN)
httpd     21074  root   17u  IPv4 348358       TCP califia.imaginemedia.com:http (LISTEN)
httpd     21075  root   16u  IPv4 348357       TCP penguin:http (LISTEN)
httpd     21075  root   17u  IPv4 348358       TCP califia.imaginemedia.com:http (LISTEN)
httpd     21076  root   16u  IPv4 348357       TCP penguin:http (LISTEN)
httpd     21076  root   17u  IPv4 348358       TCP califia.imaginemedia.com:http (LISTEN)
httpd     21077  root   16u  IPv4 348357       TCP penguin:http (LISTEN)
httpd     21077  root   17u  IPv4 348358       TCP califia.imaginemedia.com:http (LISTEN)
httpd     21078  root   16u  IPv4 348357       TCP penguin:http (LISTEN)
httpd     21078  root   17u  IPv4 348358       TCP califia.imaginemedia.com:http (LISTEN)
httpd     21079  root   16u  IPv4 348357       TCP penguin:http (LISTEN)
httpd     21079  root   17u  IPv4 348358       TCP califia.imaginemedia.com:http (LISTEN)

('penguin' is the name of the local system. 'oh-lyndhurst4e-2-147.clvhoh.adelphia.net'
is the name assigned via dhcp)

Also, the apache access_log now includes lines like

califia.imaginemedia.com - - [19/Jul/2002:10:59:16 -0400] "GET /ad/N3064.Forbes.com/B1023165.8;sz=1x1;ord=2002.07.19.14.48.55? HTTP/1.1" 404 369

for blocked requests, where the source for the request used to be
'localhost.localdomain'.  All the references in access_log seem otherwise
normal, in that they are blocked attempts to load ads from sites I
actually visited.

I'm not seeing any symptoms of problems, but I've shut down xinetd, named,
and http until I figure out what's going on here.

Any and all help is welcome.

Bruce Halco
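
An added example, not part of the original post: a check for the symptom described above, on the assumption (not confirmed anywhere in the thread) that the name is simply what a first-match reverse lookup of 127.0.0.1 returns from the hosts file. It reports that name and rewrites lsof lines back to addresses; the hosts contents, the address for 'penguin' and all function names are constructed for illustration.

```python
import re

# Constructed sample: an ad-blocking hosts file where a blocked name comes
# before the usual localhost line. The address for 'penguin' is made up.
SAMPLE_HOSTS = """\
127.0.0.1     califia.imaginemedia.com
127.0.0.1     ad.example.net
127.0.0.1     localhost.localdomain localhost
192.168.1.10  penguin
"""

# Three lines taken from the lsof output quoted in the post.
SAMPLE_LSOF = """\
named     21034  root   10u  IPv4 347611       TCP califia.imaginemedia.com:domain (LISTEN)
named     21034  root   12u  IPv4 347613       TCP penguin:domain (LISTEN)
httpd     21069  root   17u  IPv4 348358       TCP califia.imaginemedia.com:http (LISTEN)
"""

def parse_hosts(text):
    """Return [(address, [names])] in file order, skipping comments and blanks."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1:]))
    return entries

def reverse_name(entries, addr):
    """Name a first-match hosts lookup reports for addr (None if absent)."""
    return next((names[0] for a, names in entries if a == addr), None)

def forward_addr(entries, name):
    """Address of the first hosts line listing name, case-insensitively."""
    wanted = name.lower()
    return next((a for a, names in entries
                 if wanted in (n.lower() for n in names)), None)

def numeric_lsof(lsof_text, entries):
    """Replace host:port with address:port wherever hosts knows the host."""
    def swap(m):
        return (forward_addr(entries, m.group(1)) or m.group(1)) + ":" + m.group(2)
    return [re.sub(r"([\w.-]+):(\w+)", swap, l) for l in lsof_text.splitlines()]

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("127.0.0.1 reverse-resolves to:", reverse_name(hosts, "127.0.0.1"))
    print("\n".join(numeric_lsof(SAMPLE_LSOF, hosts)))
```

On a live system, 'lsof -i -n' gives the numeric view directly, since -n suppresses address-to-name conversion.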

 
 
 

1. Is e2label 'dangerous' when done on a 'live' file system?

tune2fs's man page includes a warning:

WARNING
       Never  use  tune2fs  to  change parameters of a read/write
       mounted filesystem!  Use this utility at  your  own  risk.
       You're modifying a filesystem!

*I* understand this warning, since many of the things tune2fs can do to
a file system will likely cause kernel confusion if done to a
read/write mounted file system.  *One* of the things tune2fs does is set the
file system's label, which can also be done with e2label.  e2label does
not include the WARNING.  I have a batch of file systems on two SCSI
disks that I want to set labels on and want to know if I need to boot up
a rescue disk or if I can just do this on a running system.  I would
think that e2label would NOT be dangerous on live mounted file systems,
but it is not clear.

(It would be easier & simpler to do it on a live system, since I would
have a set of 'nice' tools to automate the process.)

2. computer networks becoming more critical to businesses than ever before?

3. How do I get 'w' to say that i am doing something else

4. win98->linux->internet : problem with unwanted connection to provider

5. What am I doing wrong with 'chat'?

6. Catching the strings

7. What's 'side effects' of Ksh built-ins?

8. Music software for Linux available here ...

9. Heah com' da FUD, Heah com' da FUD!

10. CLI 'system mail' vs. doing it in Gnome?

11. Can ISP detect when dial-ins are 'overloaded' ?

12. how do 'plug-ins' work?

13. Can ISP detect when dial-ins are 'overloaded' ?