homepage Welcome to WebmasterWorld Guest from 174.129.103.100
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
FireFox 3
wilderness




msg:4418617
 3:05 am on Feb 17, 2012 (gmt 0)

I'd already hijacked Bill's 6.0 thread and did not wish to do so further.

In another thread, and recently, there was a notation about either a mobile device or handhelds using the FF Ver 3. Could not recall the topic for reference.

My sites have always seem to attract diverse browsers, UA's and other diverse criteria, although on smaller traffic scales than most.

Today this ATT user entered on a refer:

"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 ( .NET CLR 3.5.30729; .NET4.0C) MindQuizSearchToolbar/1.2 FBSMTWB"

grabbing the page and all images.

85-minutes later from the same IP; PAGE ONLY

"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)"

Note the change in both the UA and FF version.
Note; also the trailing extra space (in both visits) in the NET section.

I suppose its possible considering the area (a major metro) that these two are different users on the same IP, however the coincidence is too much to disregard.

Any thoughts?

 

adrian20




msg:4418736
 12:11 pm on Feb 17, 2012 (gmt 0)

Very sure this will not be useful to you, but I tell you my experience about it. Some time ago I was in a dilemma like this, and I realized that the time I spent on this issue with User Agent old version was just too much.

A reader of my content can not imagine how much work I have to do to make my content available to them

And sure there are people with old computers (or cell phone) that they would like to reach my content, but my math is returning some numbers to explain that the time spent is not justified

I am of those who think I do not want to be popular, I do not want a log file with 10,000 visits in one day. Instead I want 3 hits; they came, read, and left.

For you to know, FF does not enter, if not version 9 and 10

keyplyr




msg:4418757
 1:20 pm on Feb 17, 2012 (gmt 0)

IMO it's a bot spoofing the UA.

Just the fact they are calling themselves Firefox/3* is likely an indication of a Linux machine. Windows users will not use that build.

@adrian20 - if you block Firefox/3* you are blocking thousands of Linux users, office workers and other valid users.

wilderness




msg:4418772
 2:17 pm on Feb 17, 2012 (gmt 0)

The Linux reference was the one that I was unable to recall.

adrian20




msg:4418776
 2:23 pm on Feb 17, 2012 (gmt 0)

keyplyr, Thanks for the warning, I use Linux on all my machines, if the version of the distribution that is used is current. Then there is no reason for walking the internet with FF/3.

In my tests for 3 distributions, are between FF/9 and FF/10.

On the other hand, a user of Windows, you're right, I can understand that they do not update the version of the programs they use, and also less likely they walk with User Agent, as you've pointed out which.

For this reason, in my conclusion, a Linux user is more dangerous, because it knows what it does.

The other day I was in FexEX, with some diligence, meanwhile try to see my little blog from there, and I could not see this, how terrible that people who run this website, I said.

FexEX then used FF/3. Even that, I have not changed my setup because I think that people who come to read my little blog pay per minute as in FexEX, is out of their mind.

I do not want anyone reading my contents under pressure from the credit card machine. And also, someone reading my content, when their lunch, or when their boss turns to the other office.

However, I repeat what I said, very sure that my comment will not be useful.

But before I go. keyplyr, thanks for your first line, I could not reach that conclusion, although there is a short gap between request.

wilderness




msg:4418782
 2:34 pm on Feb 17, 2012 (gmt 0)

I do not want anyone reading my contents under pressure from the credit card machine. And also, someone reading my content, when their lunch, or when their boss turns to the other office.


adrian,
This diversity is what has always made this forum so interesting.

Each of us has our own specific goals and MUST determine what is beneficial or detrimental to our own website (s).

There's NO one-shoe fits all.

adrian20




msg:4418820
 3:38 pm on Feb 17, 2012 (gmt 0)

Yes, I've learned a lot reading the forum.

I want to give an example that happened an hour ago. Someone looking for information on a topic where my little blog is very popular. This reader arrive with a reference that I have it blocked, is one of those add-on that stick in your toolbar.

The user attempted several times but was blocked, then went to Bing and get to the page that wanted to read. A single page that he wanted to read, read and left.

But if I let in this add-on, then send requests without the user of the machine authorized it, or collect information to send it where it should not send it.

I have been able to identify something like this, with this antivirus Trend. Two people, two different machines do request every 11 minutes one, and the other every 21 minutes. The request is for a RSS I eliminated from last year.

Thankfully, this problem is nearly eliminated.

Right here in the forum, I caught something on the subject of the anti-virus collecting information without user authorization.

For some reason I am bound to repair computers, many times I've heard complaints from users that do not let them see a web page, and I'm not talking about mine small Blog.

In the past I've mentioned this, the Internet increasingly is adjusting to our real life.

Although we are neighbors, we just say good morning or good evening.

dstiles




msg:4418998
 10:49 pm on Feb 17, 2012 (gmt 0)

A few days ago I began logging all of FF from 3 to 9. A lot of 9 still coming in. I'll check the other versions in a week or so.

After reading the OP I decided to block FF/3.0* - I don't think that has been legit for a long time.

I also checked my "security logs" for windows firefox/3.6 and found several legit accesses, so windows users are still using FF/3.6.

Since there was a major security hole in the latest version of FF/10.0.1 (updated today to 10.0.2) there are a lot of potential victims out there, a large number of whom probably contribute to the botnets that hit our sites.

keyplyr




msg:4419024
 1:29 am on Feb 18, 2012 (gmt 0)




After reading the OP I decided to block FF/3.0* - I don't think that has been legit for a long time.

Wrong, FF/3.0* is used by thousands and thousands of Ubantu/Linux users. These are real people that buy things! FF/3.0* is the up-to-date for these OS.

dstiles




msg:4419178
 9:36 pm on Feb 18, 2012 (gmt 0)

No, it's not. 3.6 is used by (out-of-date-but-still-running) linux (it's the one I was running up until a few months ago). If they are still running 3.0 then they have not updated linux/ubuntu itself for well over a year so are a danger anyway.

I have a couple of dozen entries for 3.0 in my "suspicious" log this month and most are windows with the occasional Mac. There are a lot more in my "server-farm" log (all rejected on other grounds) including some Jaunty as well as windows.

keyplyr




msg:4419200
 10:49 pm on Feb 18, 2012 (gmt 0)

Most linux/ubantu/jaunty users will hang on to the last stable build for at least a year or so. That's just the way that community is. Just a few months ago I surveyed (via the linux newsletter mailing list) and this was the overwhelming response.

I too had tried blocking /3* for a couple weeks across several sites and found I was stopping a huge amount of legit users when I physically followed up on every 403.

Yes there are always malevolent hits coming in with the FF/3.0* UA, but, as you said, I block them with other rules.

dstiles




msg:4419382
 8:02 pm on Feb 19, 2012 (gmt 0)

You mean you never allow the update manager to patch the OS?

One thing I like about linux and ubuntu in particular is that the OS is patched almost as soon as a bug is found, as against MS who patch (usually) once a month. Firefox fell behind badly on ubuntu updates last year but even so it held to 3.6 not an earlier version until about V6 or V7. My copy of FF here is now 10.0.2. Still on Lucid, by the way.

Blocking 3* means blocking 3.6 as well as 3.0. I'm blocking 3.0* - actually, Firefox/3\.[0-57-9]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved