Jim,
Long time since we conversed :-( Er keyed!

On June 30, I had this UA from two entirely differnt US IP's ( Apsecure Technologies & RAGING WIRE FON ) grabbing the same pages consecutively from both IP's on two of my sites.

If you desire the IP's, sticky me.

Don

I have been of two minds about this one for a long time. I've finally decided to ignore it for a few reasons.

After doing some research I have found that their technology is used by quite a few firewalls such as SonicWALL, proxy products like MS ISA Server, and software firewalls like ZoneAlarm.

They have service points in Sacramento, Salt Lake City, Japan and UK which may be why you are seeing them come from Taiwan (?)

I also noticed that they are not actually crawling. They ask for things like www.mycoolsite.com/img which must be preconfigured in the software because it doesn't exist on my server. Their visiting is often triggered by a visitor to my site. Apparently the software can make decisions on the fly.

If they are unable to categorize the site it will be automatically denied to the surfer by the employer-no matter what. At lease if the site is categorized and if the employer says the category can be surfed during work hours I have half a chance.

My 2 cents.

Cerberian Drtrs triggered my spider trap yesterday, means it tried to access a spider blocking page banned in robots.txt, IP 65.245.****.xxx from uunet technologies, which seems to be related to mci somehow. Don't know anything more.

There was probably a 301 redirect involved though I didn't check the actual log files, but I do have that running.

i have just seen this user-agent when making a request to install an application on a mobile phone.

I was doing some testing of a mobile application we are developing and so was watching the action.

I was using Vodaphone in the UK. It made a request right before the phone connected. The phone request definately triggered it because it was for a test script i was using.

GATEWAY_INTERFACE : CGI/1.1
HTTP_ACCEPT : text/plain, text/html, text/xml, text/vnd.wap.wml, application/vnd.wap.wmlc
HTTP_ACCEPT_LANGUAGE : en, *;q=0.7
HTTP_CONNECTION : Keep-Alive
HTTP_USER_AGENT : Mozilla/4.0 (compatible; Cerberian Drtrs Version-3.1-Build-16)

Does that help anybody?

This is Vodafone's content control in action - they appear to be using Cerberian for this, and judging from my own logs and those of some other sites, mainly aimed at mobile phones/devices, it seems that for almost every request from the phone/device/datacard, an equivalent request from Cerberian is issued. The request from Cerberian is presumably handling content control (blocking adult sites etc.).

Vodafone has introduced content control in the UK a few weeks ago, not sure about other countries and/or operators.

HTH,
Mario.

68.142.141.220 - - [26/Aug/2004:10:36:44 -0700] "GET /myfolder/mypage.html HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; Cerberian Drtrs Version-3.1-Build-17)"
207.254.193.174 - - [26/Aug/2004:10:36:44 -0700] "GET /myfolder/mypage.html HTTP/1.1" 200 41576 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"

217.169.46.98 - - [10/Sep/2004:13:22:36 -0700] "GET /myfolder/mypage.html HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; Cerberian Drtrs Version-3.1-Build-16)"
208.24.160.15 - - [10/Sep/2004:13:22:48 -0700] "GET /SAMEfolder/SAMEpage.html HTTP/1.0" 200 12007 "http://www.google.com/search?q=my+page+content&hl=en&lr=&ie=UTF-8&start=10&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

Don, I'm not sure I get the pattern.

Hey Dan,
There's no pattern.
The last submission to me hardly allows for any use related to mobiles phones as previously suggested.

Especially since the last submission are time consecutive attempts from two different continents.

Although I personally have the UA denied access, I'm more inclined to believe Ciberian to be a harvester rather than a useful tool.

Of course this is not necessarily limited to mobile phones, it just happens that this is where I've first seen it. Other (non-mobile) use is pretty much guaranteed (this company just supplies content filtering software).

All I can say is that I have replicated this with my own mobile - access my site with content filtering "on" will show these entries, switching it off will make them disappear.

[cerberian.com...] may be useful if someone feels like they can be bothered to follow up on it and find out what exactly they do.

There's no pattern.
The last submission to me hardly allows for any use related to mobiles phones as previously suggested.

I'd have to agree with you, Don. Why post about it though? The last entry doesn't look suspicious to me in any way, other than the fact that it requests the same file as the preceeding Cerberian entry. Note the preceeding entry is 12 seconds earlier.

Dan,
The page contains an article which was published in 1954 and includes a quote from an author (sort of a poem) from 1920.

Successive log enries/requests for this page (and many others like it) on one of my sites are NOT conicidence. Especially when the 1st request was denied from RIPE and the suceeding request was allowed from ARIN.

Had my logs reflected a multitude of requests either that same day or over a few days (this happens frequently in many of the page/articles I have online,) than it would provide some possible connection to a news release or similar mention which might prompt internet searches for this specific content, that was not the case in this instance.

As a result, the only conclusion for me to draw is that even though on the surface you and I might percieve these two visits to be unrealated, they in fact are related and the same visitor. With different IP's from different continents.

Don