Php

Yeah...that's the whole UA *moans*

JAB Creations

9:58 pm on Sep 16, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



PHP

194.109.193.** - - [06/Sep/2005:22:48:25 +0000] "HEAD http://www.example.com/gallery/avatars/example.gif HTTP/1.1" 200 0 "-" "-"
194.109.193.** - - [06/Sep/2005:22:48:26 +0000] "GET /gallery/avatars/example.gif HTTP/1.0" 200 11670 "-" "PHP"

No UA with a HEAD sent to images coming from this and two other IPs. Anyone else? I've had this thing visiting me for a couple months now.

PS - Sorry if I'm driving any mods crazy...I never really posted bots here before. :)

[edited by: volatilegx at 8:30 pm (utc) on Sep. 18, 2005]

[edited by: Woz at 12:13 am (utc) on Sep. 19, 2005]
[edit reason] obscured IP address & exemplified code [/edit]

wilderness

11:54 pm on Sep 18, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I've had the PHP thingy.

It doesn't come often and only grabs a page or two.

eeek

5:56 am on Oct 16, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Try running this:

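<?php
// Fetch a URL through PHP's HTTP stream wrapper, then check the access log for the user agent it sent.
$f = file("http://something.on.your.site");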

I got the same PHP user agent but followed by
a version number.

JAB Creations

11:07 pm on Oct 17, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Is it possible that the PHP useragent is created by a parse error? If it's abuse it's abuse, but if it's not...

Does anyone have the "PHP" UA hitting non-PHP files (and if there is a referer, that it does not use PHP in any way, shape or form)?

GaryK

1:00 am on Oct 18, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



2005-10-10 02:19:26 W3SVC0000000000 SERVER000 00.00.000.00 GET /example/example.asp BrowsCapINI 80 - 00.000.000.00 HTTP/1.0 PHP - - 200 0 0 244180 97 8640

This is a frequent visitor. PHP is the user agent. There is no referrer. It requests the same .asp file every time it visits. Is this what you were looking for?

I need to add a disclaimer of sorts. PHP recommends one of my sites as the authoritative source for a specific file so I get a lot of user agents with PHP in them, and a lot of referrers from official PHP sites.

The ua I see most often with PHP in it is PHP/4.1.2 and it requests the same file as above.

JAB Creations

6:39 am on Oct 18, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Have you done any ip abuse lookups? I should have thought of that myself!

I've looked up the ips of these agents and they all get red listed! From what I've seen they also seem to be preceded (at least from the instances I've just looked up) by a blank useragent.

Virus writers will often create a virus named as an os specific file to add confusion with scanners and people looking to clean them out. It does not surprise me the scum terrorists of the internet would use the same tactics in useragents for goodness sakes!

New Rule - If someone is accessing my website clientside and is a serverside technology, they can go to hell.

Of course, where will the cowards operate next? Where do the wars of the 21st century operate? Load up! We're going in to town! ;)

GaryK

3:14 pm on Oct 18, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I've looked up the ips of these agents and they all get red listed!

How are you obtaining abuse information about the IP Address? I'm only familiar with abuse dot net for checking domain names.

Load up! We're going in to town!

The only sort of load you'll need for most of the wars in the 21st century will, I think, be industrial-strength load balancers. ;)

JAB Creations

5:26 pm on Oct 18, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If we're blocking useragents and the borg adapt, what do you think they will do next? Of course everything they can do I have found (at least conceptual wise) a way to counter. It's just a matter of learning programming at various levels to overcome their threat. (This is what I mean by city threat).

You can use sites like dnsstuff for abuseip lookups. :)
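
The pattern reported across this thread (a HEAD with no user agent, then a GET for the same path with a user agent of bare PHP or PHP/<version>) can be picked out of Apache combined-format logs as follows. This is an added example, not code from any poster; the function names, flag labels and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache combined log format; the host field is \S+ so the thread's obscured "**" octet parses.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Bare "PHP" or "PHP/<version>": the two user-agent forms reported in the thread.
PHP_UA_RE = re.compile(r'^PHP(/\d+(\.\d+)*)?$')

def path_of(target):
    """Reduce an absolute-form request target (http://host/path) to its path."""
    m = re.match(r'^[a-z]+://[^/]+(/.*)?$', target, re.I)
    return (m.group(1) or "/") if m else target

def classify(lines):
    """Return {ip: set_of_flags} for clients matching the patterns in the thread."""
    flags = defaultdict(set)
    blank_heads = set()  # (ip, path) pairs already requested by a HEAD with no user agent
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format entry
        ip, method, ua = m["ip"], m["method"], m["ua"]
        path = path_of(m["target"])
        if ua in ("", "-"):
            flags[ip].add("blank-ua")
            if method == "HEAD":
                blank_heads.add((ip, path))
        elif PHP_UA_RE.match(ua):
            flags[ip].add("php-ua")
            if method == "GET" and (ip, path) in blank_heads:
                flags[ip].add("blank-head-then-php-get")
    return dict(flags)

# Sample input: the first two lines are from the opening post, the last two are constructed.
SAMPLE = [
    '194.109.193.** - - [06/Sep/2005:22:48:25 +0000] "HEAD http://www.example.com/gallery/avatars/example.gif HTTP/1.1" 200 0 "-" "-"',
    '194.109.193.** - - [06/Sep/2005:22:48:26 +0000] "GET /gallery/avatars/example.gif HTTP/1.0" 200 11670 "-" "PHP"',
    '192.0.2.10 - - [10/Oct/2005:02:19:26 +0000] "GET /example/example.asp HTTP/1.0" 200 8640 "-" "PHP/4.1.2"',
    '192.0.2.20 - - [10/Oct/2005:02:20:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (constructed)"',
]

if __name__ == "__main__":
    for ip, found in classify(SAMPLE).items():
        print(ip, sorted(found))
```

The HEAD in the opening post uses an absolute URL while the GET uses a plain path, which is why both are reduced to a path before they are compared.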