homepage Welcome to WebmasterWorld Guest from 54.211.68.132
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
http://127.0.0.1:4664/preview?event id=
frontpage




msg:3411407
 1:05 pm on Aug 2, 2007 (gmt 0)

Today I noticed this in my server logs.

00.0.000.000 - - [02/Aug/2007:04:15:41 -0400] "GET /forum/style_imag HTTP/1.1" 404 2941 "http://127.0.0.1:4664/preview?event_id=131568&schema_id=2&q=runtz5&s=000000000000000000000000000" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"

Note that I have edited the suspicious servers IP.

What ever application this is caused many 404 errors while attempting to access the directory listing of images directories.

I searched Goo and Msn but only found server logs referencing it but no word on what software application it is.

 

wilderness




msg:3411469
 2:24 pm on Aug 2, 2007 (gmt 0)

"Note that I have edited the suspicious servers IP."

I'm not sure why?
Best thing you could do is deny the range, although that wouldn't remove the long request lines from your logs.

It's just somebody running some type of local script on their machine ""http://127.0.0.1".

There are many different types of scripts in various languages that are run and we never really find an answer to what exactly the script does.
In many instances we're able to determine a software name, however even that doesn't provide what the script is actually doing or "looking for".

frontpage




msg:3411561
 3:43 pm on Aug 2, 2007 (gmt 0)

"Note that I have edited the suspicious servers IP."

I'm not sure why?

I edited the IP address because people here freak out when you use real life examples.

I can deny it using Mod Security. Denying by IP would be inefficient as there are apparently many IP addresses using this software out in the wild.

I was just curious as to what this thing is. It was trying to access a image directory for a forum which is the default images used by thousands of other boards.

wilderness




msg:3411720
 5:22 pm on Aug 2, 2007 (gmt 0)

frontpage,
The forum practice is to obscure the Class D.

Experience has taught me to take an action against visitors whose procedures are not within the guidelines of acceptable practices.
As a result "should" a visitor or visitors make an attempt to harvest images from my image directory (or any other directory)I would initiate an action aganist both the User Agent and the IP range.
The above makes for sound security, after all, why allow access to a visitor that is either looking for flaws in site (s) or attemtping a hack or harvesting.

Don

Tastatura




msg:3412114
 12:29 am on Aug 3, 2007 (gmt 0)

I had similar question little while ago and the answer was that " 127.0.0.1:4664 is the url for Google Desktop Search"
hth

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved