homepage Welcome to WebmasterWorld Guest from 54.211.97.242
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
Firefox 6 attack
testing my site?
incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4416906 posted 7:32 am on Feb 13, 2012 (gmt 0)

Here's a sample of some little attack that hit my radar which I found quite amusing.

All the same UA, all had the same flaw that caused them to get caught, most came from consecutive IPs in Germany, Sweden and a few other countries. The one I found most interesting was the Georgia IP was from a university, compromised or the source of the bombardment?

And it all happened quickly, within a minute, stress testing my scripts perhaps?

2012-02-12,00:38:09,83.140.95.58,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:11,83.140.95.53,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:22,83.140.95.64,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:31,83.140.95.65,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:35,83.140.95.40,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:35,186.153.181.226,Argentina,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:37,80.248.233.152,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:40,80.248.233.136,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:42,46.59.93.205,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:43,46.59.93.209,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:44,46.59.93.208,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:45,46.59.93.201,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:46,46.59.93.203,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:48,46.59.93.210,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:49,46.59.93.204,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:50,80.248.238.152,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:51,217.147.231.50,Georgia,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:52,80.248.239.130,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:53,80.248.239.133,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:54,80.248.239.126,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:59,218.189.26.158,Hong Kong,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html


Anyone tracking anything like this?

 

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4416906 posted 8:30 am on Feb 13, 2012 (gmt 0)

Bill,
Nothing like that, however I've something unique.
Since not having any logs to work with, I've been a bit less active.

I deplore browser changes on my own machines and stuck with FF 3.6 despite many newer versions.
Recently I upgraded to 7.01.
I only use a few piug-ins.

Had automated requests in my logs from ASK (using my own IP) and I wasn't aware that I had any Ask tool bar installed.

My FF UA
"Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"

The requests (four minutes after exiting the page and my own IP)
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; AskTbFXTV5/5.12.2.16749; .NET CLR 1.1.4322)"

After some poking around on the WWW. There are some suggestions that this toolbar is related to the Avira AV, which I use. It seems Avira is installing this TB in the FREE version of their software automatically and without notification.

There are some Ask references in the FF about:config, however nothing I could see to warrant change.

However, and to be fair, I've been editing loads of web pages with an older html software, and likely should be doing so offline, so that absolute links would not function.

Still, who'd ever thought ;)

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4416906 posted 8:41 am on Feb 16, 2012 (gmt 0)

Speaking of compromised machines:

205.188.116.zzz - - [16/Feb/2012:07:56:17 +0000] "GET /MyFolder/MySub/MyPage.html HTTP/1.1" 403 533 "http:/example.com/smf/index.php?topic=00000.0" "Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.5; AOLBuild 4337.5401; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDC; .NET4.0C; ShopperReports 3.0.497.0; SRS_IT_E8790571B5765E543FAD97; BRI/1; BRI/2; FunWebProducts; AskTbORJ/5.13.1.18107)"

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved