1. Home
  2. Forums Index
  3. WebmasterWorld / Website Analytics - Tracking and Logging 5:15 pm May 14, 2026

Forum Moderators: DixonJones

Message Too Old, No Replies

Gets for page# and page%23

Noticed an increase of these lately

         

Dijkgraaf

12:21 am on Nov 15, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I've noticed that since the end of October and increased number of requests for pages with anchor tags, or even malformed URL's where the anchor tag has been encoded as %23.
Has anyone else noticed this?
It looks very much like some sort of bot or spider, possibly associated with a Guestbook spammer as the below log lines indicate.
The GET Requests have - for both the User Agent and Referer, and there is usually only a few requests from a particular IP, for the one with # usually spread apart by days, the one with %23 was a bit more obvious with seconds between some records and even fell into a bot trap. The POST requests usually claim to be Mozilla/4.0 or are also -.

203.71.225.nnn - - [03/Nov/2005:04:47:09 +1300] "POST /signguestbook.php HTTP/1.0" 403 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.71.225.nnn - - [05/Nov/2005:11:14:40 +1300] "GET /page.htm#what HTTP/1.0" 200 14235 "-" "-"
203.71.225.nnn - - [05/Nov/2005:11:18:09 +1300] "GET /links.htm HTTP/1.0" 200 857 "-" "-"
203.71.225.nnn- - [06/Nov/2005:15:28:57 +1300] "POST /yyy/yyysubmit.php3 HTTP/1.0" 200 3919 "http://www.example.com/" "-"
203.71.225.nnn - - [08/Nov/2005:23:43:26 +1300] "POST /signguestbook.php HTTP/1.0" 403 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

217.52.206.nnn- - [06/Nov/2005:02:36:18 +1300] "POST /signguestbook.php HTTP/1.1" 403 5 "http://www.example.com/signguestbook.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
217.52.206.nnn- - [06/Nov/2005:15:27:04 +1300] "POST /yyy/yyysubmit.php3 HTTP/1.1" 200 3937 "http://www.example.com/" "-"
217.52.206.nnn- - [06/Nov/2005:15:27:09 +1300] "GET /links.htm HTTP/1.1" 200 869 "-" "-"
217.52.206.nnn- - [06/Nov/2005:15:27:11 +1300] "GET /page2.htm HTTP/1.1" 200 22618 "-" "-"
217.52.206.nnn - - [06/Nov/2005:15:27:13 +1300] "GET /yyy/yyylist.php3%23O HTTP/1.1" 404 623 "-" "-"
217.52.206.nnn - - [06/Nov/2005:15:27:15 +1300] "GET /bottrap.php HTTP/1.1" 200 14679 "-" "-"

IP's and page names obfuscated to protect the inocent (or not so incocent :-)

Mokita

4:32 am on Nov 15, 2005 (gmt 0)

10+ Year Member



I've been noticing some log entries such as you describe, happening in several sites since October. All that I have seen, have both blank referrers and blank UA. None of the IPs seem to match yours, mine come from all over - China, Holland, San Francisco and Wilmington, to name a few.

Here is an example of one:

212.142.***.*** - - [14/Oct/2005:16:53:00 -500] "GET /directory/l-m.htm%23Library HTTP/1.1" 404 2030 "-" "-"

Another puzzling request I have noticed throwing a 404 in several sites for some months is /&. Again with blank referrer and UA e.g.

202.63.***-** - - [02/Nov/2005:23:12:12 -500] "GET /& HTTP/1.1" 404 - "-" "-"

(IPs obsfuscated)

Dijkgraaf

4:57 am on Nov 15, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, the ones I'm seeing are from all over the world as well, so possibly bot nets of some sort.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Website Analytics - Tracking and Logging 5:15 pm May 14, 2026