Today I noticed this in my server logs. 00.0.000.000 - - [02/Aug/2007:04:15:41 -0400] "GET /forum/style_imag HTTP/1.1" 404 2941 "http://127.0.0.1:4664/preview?event_id=131568&schema_id=2&q=runtz5&s=000000000000000000000000000" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20070725 Firefox/22.214.171.124"
Note that I have edited the suspicious servers IP.
What ever application this is caused many 404 errors while attempting to access the directory listing of images directories.
I searched Goo and Msn but only found server logs referencing it but no word on what software application it is.
"Note that I have edited the suspicious servers IP."
I'm not sure why? Best thing you could do is deny the range, although that wouldn't remove the long request lines from your logs.
It's just somebody running some type of local script on their machine ""http://127.0.0.1".
There are many different types of scripts in various languages that are run and we never really find an answer to what exactly the script does. In many instances we're able to determine a software name, however even that doesn't provide what the script is actually doing or "looking for".
frontpage, The forum practice is to obscure the Class D.
Experience has taught me to take an action against visitors whose procedures are not within the guidelines of acceptable practices. As a result "should" a visitor or visitors make an attempt to harvest images from my image directory (or any other directory)I would initiate an action aganist both the User Agent and the IP range. The above makes for sound security, after all, why allow access to a visitor that is either looking for flaws in site (s) or attemtping a hack or harvesting.