
WYSIWYG and Text Code Editors Forum

    
Is this a site being scraped?
Marcia

WebmasterWorld Senior Member marcia us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 919 posted 3:43 am on Nov 9, 2004 (gmt 0)

I found this in the site stats, and since that site was being swiped from for a long while before, I'm wondering if that's what this is:

/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0

 

bakedjake

WebmasterWorld Administrator bakedjake us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 919 posted 3:43 am on Nov 9, 2004 (gmt 0)

No, that's FrontPage extensions.

Marcia




 
Msg#: 919 posted 3:51 am on Nov 9, 2004 (gmt 0)

I know, that's why I asked here. But that entire site was being downloaded by someone using FrontPage last fall to swipe my keywords and copy, and I don't even have FP extensions installed on any of my hosting. So how could FP extensions be showing up like that?

cabowabo

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 919 posted 3:54 am on Nov 9, 2004 (gmt 0)

>>So how could FP extensions be showing up like that?

Ask your server admin to do a trace on it.

bakedjake




 
Msg#: 919 posted 4:07 am on Nov 9, 2004 (gmt 0)

Marcia, what was the response code by the server? Post the entire line from the log file.
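
For anyone following along, here is a minimal sketch of pulling the response code out of a raw log line. It assumes the Apache "combined" log format, which the thread doesn't actually confirm, and the sample line is made up for illustration (documentation IP address, invented timestamp, size, and user agent). The names `LOG_PATTERN`, `parse_line`, and `SAMPLE` are hypothetical.

```python
import re

# Assumption: Apache "combined" log format. Adjust the pattern for other formats.
LOG_PATTERN = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<protocol>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it doesn't match."""
    match = LOG_PATTERN.match(line)
    if match is None:
        return None
    fields = match.groupdict()
    fields["status"] = int(fields["status"])
    return fields


# Made-up sample line: only the request path comes from the thread.
SAMPLE = (
    '192.0.2.10 - - [09/Nov/2004:03:12:45 +0000] '
    '"GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 HTTP/1.1" '
    '404 208 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"'
)

if __name__ == "__main__":
    entry = parse_line(SAMPLE)
    print(entry["ip"], entry["status"], entry["path"])
```

A 404 here would mean the server simply had nothing at that path, which is what you'd expect on hosting without FP extensions installed.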

Larryhat

10+ Year Member



 
Msg#: 919 posted 4:08 am on Nov 9, 2004 (gmt 0)

I see something similar in my access_log files all the time. Usually it's something like:

GET /vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=6403&STRMVER=4&CAPREQ=0
GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=6403&STRMVER=4&CAPREQ=0

.. followed by the usual user agents, Mozilla (compatible; yadda..quack 4.01 ..

Sometimes this is followed by requests for form-mail stuff, all sent from
the same server. I have no form-mail at all.

I took a random .gif image and renamed it owssvr.dll,
(over the protestations of my operating system) and
uploaded that into my /vti-bin/ folder at the host.

That's so whoever it is doesn't go away completely empty handed.
I was going to take a .jpg image and rename it
cltreq.asp but I don't have an /MSOffice folder on my site.

Any suggestions? How about a table of random numbers?

- Larry

Larryhat




 
Msg#: 919 posted 4:16 am on Nov 9, 2004 (gmt 0)

I forgot something:

With the sole exception of my perverted owssvr.dll file,
all the bogus requests return a 404 error.
Except for some tiny bandwidth, no harm done I suppose.

I would really like to know who does this and why in any case.
Somebody suggested email spammers once, and I'm hoping it isn't something even worse.

-LH

Marcia




 
Msg#: 919 posted 5:02 am on Nov 9, 2004 (gmt 0)

I've got no /vti-bin/ on my hosting, but this is a different issue. I looked for the IP number, then remembered about checking it out at Sam Spade. It's a Verizon DSL user.

>>I'm hoping it isn't something even worse.

Seeing that it's an ISP, and looking again and seeing that it's one section of the site, what I'm now figuring is that the pages were being grabbed. Yahoo must have just updated; the site moved up from #3 to #1 for that keyword. So whoever it is must have decided they like it, because apparently they went through that whole particular subdirectory on the site.

I'll have to keep tabs now. I'm no techie, but remembering the months of aggravation last year, if it's the same party, it might be time to get a little creative rather than disallow the whole IP again.

Edouard_H

10+ Year Member



 
Msg#: 919 posted 5:20 am on Nov 9, 2004 (gmt 0)

This thread [webmasterworld.com] and the link therein indicate that it's Microsoft Office with "web discussions" enabled.
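
If that explanation holds, one way to keep tabs is to tally these requests per visitor and look at them separately from real page fetches. Below is a rough sketch, not a definitive tool: it matches only the two script names quoted earlier in this thread, and the function names and sample IPs are hypothetical. It takes (ip, path) pairs, however you extract them from your logs.

```python
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Script names taken from the requests quoted in this thread.
PROBE_NAMES = ("owssvr.dll", "cltreq.asp")


def is_discussion_probe(request_path):
    """True if the path ends in one of the probe script names (case-insensitive)."""
    path = urlsplit(request_path).path.lower()
    return path.endswith(PROBE_NAMES)


def probe_build(request_path):
    """Return the BUILD query value as a string, or None if it is absent."""
    query = parse_qs(urlsplit(request_path).query)
    values = query.get("BUILD")
    return values[0] if values else None


def count_probes(requests):
    """Count probe requests per client IP from an iterable of (ip, path) pairs."""
    counts = Counter()
    for ip, path in requests:
        if is_discussion_probe(path):
            counts[ip] += 1
    return counts


if __name__ == "__main__":
    # Made-up client IPs; the paths are the ones posted above.
    sample = [
        ("192.0.2.10", "/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0"),
        ("192.0.2.10", "/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=6403&STRMVER=4&CAPREQ=0"),
        ("198.51.100.7", "/index.html"),
    ]
    print(count_probes(sample))
```

An IP that shows these hits alongside a run of ordinary page requests through one subdirectory is the pattern described earlier in the thread; the probe requests alone don't say whether pages were saved.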
