-- Search Engine Spider and User Agent Identification
---- another one for the profilers
lucy24 - 1:57 am on Oct 18, 2013 (gmt 0)
This is a "just wondering..." question. The botnet involved has always been blocked; I only found it in logs while looking for something else. Looks like it's been visiting sporadically since August or so.
Pause for a moment of hilarity at the UA. It takes a very special kind of robot to think that masquerading as a Chinese search engine will increase its chances of getting in the door. (The IP is Softlayer, so this particular request would have been blocked at least two ways.)
The first set of three have been there all along; the second set seems to have been added last month, coincidentally after I started tracking. At least I hope it's coincidence ;) The filenames initially scared me out of my wits because-- pay close attention now-- /dir-one/dir-two/ in real life is a page that talks about an outside site, dir-two dot com. And, while I don't happen to have pages called /admin/categories.php, /admin/file_manager.php, /admin/banner_manager.php, they are completely plausible filenames for dir-two dot com. Except for the .php extension, which I belatedly remembered the site doesn't use; it's all .jsp.
QUESTION: Does this set of three named files point to some particular CMS that conventionally uses these names? Just curious.