Could you post a UA string? There are a bunch of stats pages, but that's about all I see.

Hello,
Here are two log entries :

213.221.95.x - - [23/Feb/2005:20:26:12 +0100] "GET mime/markup/php/links_en/links.php HTTP/1.0" 400 1750 "-" "glx v0.1" 0
66.209.65.xx - - [26/Feb/2005:20:03:32 +0100] "GET mime/markup/php/how_to_en/how_to_system_en/how_to_system_11.php HTTP/1.0" 400 1750 "-" "glx v0.1" 0

It showed up 28 times between last nov and now. There is no definite IP. Some are blacklisted, other are not. some are proxy, some are server IPs. Eache request will issue a "400 Bad request".

I occasionally get 404 errors from "glx v0.1" caused by it omitting the slash before the page name. It's usually only one reference per week or so, and a different page each time. Very strange. For example:

68.96.19.114 - - [25/Mar/2005:07:02:17 -0800] "GET news.php HTTP/1.0" 404 13649 "-" "glx v0.1"

Steve

Read here [sgi.com].

Sorry, that's something else entirely that happens to also be called GLX.

SGI's GLX is something different.
Still not a clue about "glx v0.1"...

I'm getting several per week, all from glx v0.1 with the slash omitted. IP addresses are 217.64.193.26 and 217.64.193.130. On checking these I get a page "Sito in costruzione".

<added>A Whois search gives the IP as belonging to the SEEWEB Hosting Company based in Italy.</added>

I've had three visits from them as well, but coming from the USA, Belgium and Malaysia.
It is forgetting to put the slash before the page, so is getting 400 errors. I've tentatively labelled it a spam harversting bot due it trying to fetch my guestbook all the time. Not that bots can actually see any e-mail addresses in my guestbook :-)

Two visits...
www.xyz.co.uk 207.241.138.xyz - - [04/Jun/2005:19:28:17 +0100] "GET shop/faq.php HTTP/1.0" 400 267 "-" "glx v0.1"
www.xyz.co.uk 217.64.193.xyz - - [05/Jun/2005:06:32:42 +0100] "GET shop/faq.php HTTP/1.0" 400 267 "-" "glx v0.1"
...but no other associated activity recorded from those IPs (USA,Italy).
I don't have email addresses on my sites, so there are none to harvest.
Its signature appears all over the net in various logs (Google).
Perhaps it's a footprint marker, similar to those favoured by spraycan graffiti artists?

What really puzzles me is that some of the hits from this agent are to valid pages, and that there are so few accesses. Just one page here and there at widely scattered times. It doesn't act like a bot nor does it act like a human user.

On the lighter side it seems like it might be a signature marker.
On the darker side it might be an intelligence gathering probe...

I've found a few more log entries: 5 in one month, 4 from seeweb (Italy). Seeweb appear in Google mainly as a host which once was cited by Netcraft as being 'reliable' back in 2004 by dint of a low failed request statistic.

All for proper and commonly viewed pages.

All without the preceding forward slash to deliberately(?) provoke an error response. My stats do not go out to line. So, if it's all a signature marking exercise, then it'll be going somewhat pear-shaped in my aegis. For good measure I've also added the signature to my referrer spam .htaccess clauses.

Incidently just HOW does one go about sending out page requests in this errorsome manner?