homepage Welcome to WebmasterWorld Guest from 54.234.74.85
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
Firefox Browser just passing through
lucy24




msg:4571676
 9:47 pm on May 7, 2013 (gmt 0)

This is one of those under-the-radar robots. Logs tell me they've stopped by periodically since late June of 2012, but I never noticed until they ventured beyond the front page. (I am not a front-driven site-- in fact until recently I didn't even have a front page-- so I generally ignore requests for / alone, even without robots.txt.)

Disclaimer: I realize that the following is equivalent to "a man in his thirties, average height, average weight, brown hair, no distinguishing marks". But you never know.

IP: 207.172.209.16 (exactly)
UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 (always)

Considering FF's recent behavior, this alone is enough to raise suspicion: the same version for over 10 months? At the time of their first visit, FF was just starting its update binge; the current version was 13.0 but 12.0 was no more than 2 months old.

WhoIs says they belong to RCN Corporation, which is apparently a regular human ISP. The main cause for suspicion is that they're based in Herndon, VA.

Hm. Maybe it's time to add Old Firefox to the Old MSIE group. (Redirect to a page that says "I'm sorry, but the server thinks you are a robot." No links; captcha for e-mail. Exceptions for one directory and a couple of IP ranges.)

 

wilderness




msg:4571718
 2:00 am on May 8, 2013 (gmt 0)

The main cause for suspicion is that they're based in Herndon, VA.


Hey lucy,
RCN is of course based in Hendron.
This IP is Brookline., Mass, however please keep in mind the GEO's are less-than-accurate.

I had the same visitor and subsequent returns, in June of 2012.

207.172.209.16 - - [25/Jun/2012:19:39:21 +0100] "GET / HTTP/1.1" 200 6010 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"

I added a deny at that time.

I've a couple of older references to different RCN IP's (2003 & 2006).
The 2003 was doing HEAD checks.

I've two other RCN ranges denied.

RCN is likely the provider for some type of mobile device.

dstiles




msg:4571983
 6:50 pm on May 8, 2013 (gmt 0)

I also have 207.172.209.16 going back to June 2012 - 56 hits so far, which is large for my small server.

Also 207.172.191.39 banned Feb/Mar this year for over 70 hits.

I think these are "bad users" rather than ISP activity.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved