What are bots looking for with /&

Forum Moderators: DixonJones

Message Too Old, No Replies

What are bots looking for with /&

Recurrent requests for /& causing 404 errors in several sites

Mokita

11:53 pm on Sep 21, 2005 (gmt 0)

Some months ago many of our sites had requests for /& (root plus ampersand) causing 404 errors.

Now it is happening again, the IP is in Taiwan and raw logs show both blank Referer and blank UA.

What are they looking for? The request doesn't seem to make any sense to me.

JAB Creations

3:08 am on Sep 23, 2005 (gmt 0)

Blank useragents = spammers.

I know JDMorgan over in Apache has suggested aol proxy servers don't use useragents but I have yet to use a spam lookup for blank useragent/ip association that was no listed on a spam list.

So basically you will want to DENY access to your site to blank useragents. Why should you open your door to your house if I knock, you ask who I am and I don't tell you?

Mokita

3:41 am on Sep 23, 2005 (gmt 0)

Blank useragents = spammers

Mmm, maybe. But that is what is puzzling me. If they are spammers what is the point of provoking a 404 error in numerous sites then leaving immediately?

Aren't spammers looking for email addresses or other vulnerabilities? What vulnerability involves simply an ampersand or 404 response?

keyplyr

5:30 am on Sep 25, 2005 (gmt 0)

Blank useragents = spammers

Or Firefox users with the User Agent Switcher extension and the chosen agent field blank.