false username in log

Forum Moderators: DixonJones

Message Too Old, No Replies

false username in log

site is not password protected

Finder

8:53 am on Dec 12, 2002 (gmt 0)

The log file is showing a login for a username "9887520" to a site that is not password protected. They never got a 401 login prompt, obviously.

It looks like IE on an NT machine:

Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)

However, they did not load images or the css file. The IP resolves to an Israeli telecom.

Was this some kind of hack attempt, a bot, or a browser anomaly?

sugarkane

11:41 am on Dec 16, 2002 (gmt 0)

A strange one... was there just one page request using that username, or several?

Finder

11:21 pm on Dec 16, 2002 (gmt 0)

There were three requests -- the home page and then two more. Also, I just noticed that the requests to dynamic pages had "&" in them as if it were a bot too stupid to translate the code.

I still haven't figured out what happened. Is it possible for a bot to send a request that looks like a logged-in user?