homepage Welcome to WebmasterWorld Guest from 54.204.59.230
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
ucsb seclab crawler
Pfui




msg:4405709
 10:24 pm on Jan 10, 2012 (gmt 0)

Academia should strive to uphold standards, not erode them.

192.35.222.136
ucsb seclab crawler

URI: /
robots.txt? NO

192.35.222.136
= University of California, Santa Barbara, Office of Information Technology
= Threat Level 17 [projecthoneypot.org...]

seclab = The Computer Security Group at UC Santa Barbara = http://seclab.cs.ucsb.edu/

 

keyplyr




msg:4405716
 11:14 pm on Jan 10, 2012 (gmt 0)

Academia should strive to uphold standards, not erode them.


Agreed, however being an academic gives insight that student projects often ignore the very curriculum built from those standards.

dstiles




msg:4405725
 11:53 pm on Jan 10, 2012 (gmt 0)

I have 192.35.222/24 blocked since last Jan.

upside




msg:4406874
 8:40 pm on Jan 14, 2012 (gmt 0)

I have 192.35.222/24 blocked since last Jan.

Same here.

A few other characteristics about their connections that stand out:

$_SERVER['HTTP_FROM']='seclab@cs.ucsb.edu';
$_SERVER['HTTP_USER_AGENT']='Python-urllib/2.6';
$_SERVER['HTTP_USER_AGENT']='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)';

lucy24




msg:4406917
 11:12 pm on Jan 14, 2012 (gmt 0)

The MSIE 6 alone would get them rewritten to a custom page. "Boy, what a boring site. Every single page just says 'I think I don't like your face'."

Pfui




msg:4409547
 3:17 am on Jan 22, 2012 (gmt 0)

FWIW: Infected machine at the so-called Security Group, too. URI=REF and tried POST to botbait:

192.35.222.29
ucsb seclab crawler

"GET /botbait/ HTTP/1.1" 200
"POST /botbait/ HTTP/1.1" 405 "http://www.example.com/botbait/"

dstiles




msg:4409683
 8:58 pm on Jan 22, 2012 (gmt 0)

I blocked that /24 almost exactly a year ago! :)

I see a lot of spam and "hacks" from domains claiming to be "security", most of them from compromised servers. :(

g1smd




msg:4409684
 9:02 pm on Jan 22, 2012 (gmt 0)

The
urllib in the UA is more than enough to see all accesses bounced to oblivion here...
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved