Lots of GETs, but no content?

Worm? Spider?

         

Solaria

7:37 am on May 10, 2004 (gmt 0)



Last few days, started seeing lots of these in the log file:

99.99.99.99 - - [09/May/2004:23:40:44 -0700] "GET / HTTP/1.1" 200 1078 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"

...always a different address, never any access to graphics contained within index.html...

What's going on?

If it was a person using a browser, there would be the "GET /", followed by "GET /images/background.jpg", etc...

If it was a web crawler, it would "GET" through all the hrefs on the index page (also probably "GET /robots.txt")

If it was a worm, it would try several different exploits...

...but instead, it just "GET"s the index.html, and exits...

What is it looking for?

Last week, I might get one or two a day... but now it's like about every 5 minutes...

...always a different address, no referrer, "GET /" and gone...

Larryhat

7:49 am on May 10, 2004 (gmt 0)



This is just a wild guess on my part:

How about an email address harvester for SPAM purposes? They would not waste time getting images. Random addresses might score email addresses faster than following links to much the same addresses. Sound logical?

I think much the same thing might apply to "mystery crawlers", ones that don't attach to genuine search engines. - LH

Solaria

8:08 am on May 10, 2004 (gmt 0)



I dunno...

They come from a variety of domains:

.go.retevision.es
.client.comcast.net
.bbtec.net
.vc.shawcable.net
.housing.hawaii.edu
.dsl.hstntx.swbell.net

...etc... looks like regular users. Hadn't thought of email harvesting; would expect the IPs to point to 'bad guy' domains if that was the case.

....

Just got a couple more. So far the browser is always "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" (just re-activated the browser log field a couple hours ago)

Well, it's not hurting anything. It's just... curious.
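
The pattern described in this thread (many addresses, each sending a single referrer-less "GET /" and nothing else) can be pulled out of an access log mechanically. The following is an added example, not code from any poster; the sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache/NCSA combined log format, matching the line quoted in the thread.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log using documentation IP ranges (not data from the thread):
# three index-only hits, one ordinary browser visit, one crawler visit.
SAMPLE_LOG = """\
192.0.2.10 - - [09/May/2004:23:40:44 -0700] "GET / HTTP/1.1" 200 1078 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
198.51.100.7 - - [09/May/2004:23:45:02 -0700] "GET / HTTP/1.1" 200 1078 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
203.0.113.5 - - [09/May/2004:23:46:10 -0700] "GET / HTTP/1.1" 200 1078 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/20040206 Firefox/0.8"
203.0.113.5 - - [09/May/2004:23:46:11 -0700] "GET /images/background.jpg HTTP/1.1" 200 20480 "http://www.example.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/20040206 Firefox/0.8"
203.0.113.77 - - [09/May/2004:23:47:30 -0700] "GET /robots.txt HTTP/1.0" 404 210 "-" "ExampleBot/1.0"
203.0.113.77 - - [09/May/2004:23:47:31 -0700] "GET / HTTP/1.0" 200 1078 "-" "ExampleBot/1.0"
192.0.2.44 - - [09/May/2004:23:50:19 -0700] "GET / HTTP/1.1" 200 1078 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
"""

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def index_only_clients(log_text):
    """Return {ip: user_agent} for addresses whose every request was a
    referrer-less "GET /": no images, no followed links, no robots.txt."""
    by_ip = defaultdict(list)
    for rec in parse(log_text):
        by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        if all(r["method"] == "GET" and r["path"] == "/"
               and r["referer"] in ("-", "") for r in recs):
            flagged[ip] = recs[0]["agent"]
    return flagged

def agent_summary(flagged):
    """Count how many flagged addresses share each User-Agent string."""
    return Counter(flagged.values())

if __name__ == "__main__":
    hits = index_only_clients(SAMPLE_LOG)
    print(sorted(hits), agent_summary(hits).most_common())
```

Grouping the flagged addresses by User-Agent shows whether unrelated-looking addresses are sending an identical client string, which is the detail noted in the last post.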