Welcome to WebmasterWorld Guest from 54.196.231.129

Forum Moderators: open

Message Too Old, No Replies

Is this a site being scraped?

     
3:43 am on Nov 9, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member marcia is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Sept 29, 2000
posts:12095
votes: 0


I found this in the site stats, and since that site was being swiped from before for a long while, I'm wondering if that's what this is

/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0

3:43 am on Nov 9, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 8, 2003
posts:3783
votes: 2


No, that's frontpage extensions.
3:51 am on Nov 9, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member marcia is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Sept 29, 2000
posts:12095
votes: 0


I know, that's why I asked here. But that entire site was being downloaded by someone using Front Page last fall to swipe my kw and copy, and I don't even have FP extensions installed on any of my hosting. So how could FP extensions be showing up like that.
3:54 am on Nov 9, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 12, 2003
posts:723
votes: 0


So how could FP extensions be showing up like that.

Ask you server admin to do a trace on it.

4:07 am on Nov 9, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 8, 2003
posts:3783
votes: 2


Marcia, what was the response code by the server? Post the entire line from the log file.
4:08 am on Nov 9, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 6, 2004
posts:164
votes: 0


I see something similar in my access_log files all the time. Usually its something like:

GET /vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=6403&STRMVER=4&CAPREQ=0
GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=6403&STRMVER=4&CAPREQ=0

.. followed by the usual user agents, Mozilla (compatible; yadda..quack 4.01 ..

Sometimes this is followed by requests for form-mail stuff, all sent from
the same server. I have no form-mail at all.

I took a random .gif image and renamed it owssvr.dll,
(over the protestations of my operating system) and
uploaded that into my /vti-bin/ folder at the host.

That's so whoever it is doesn't go away completely empty handed.
I was going to take a .jpg image and rename it
cltreq.asp but I don't have an /MSOffice folder on my site.

Any suggestions? How about a table of random numbers?

- Larry

4:16 am on Nov 9, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 6, 2004
posts:164
votes: 0


I forgot something:

With the sole exception of my perverted owssvr.dll file,
all the bogus requests return a 404 error.
Except for some tiny bandwidth, no harm done I suppose.

I would really like to know who does this and why in any case.
Somebody suggested email spammers once. and I'm hoping it isn't something even worse.

-LH

5:02 am on Nov 9, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member marcia is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Sept 29, 2000
posts:12095
votes: 0


I've got no /vti-bin/ on my hosting, but this is a different issue. I looked for the IP number, then remembered about checking it out at Sam Spade. It's a Verizon DSL user.

>>I'm hoping it isn't something even worse.

What I'm now figuring this is, seeing it's an ISP and looking again seeing that it's one section of the site, is that it was the pages being grabbed. Yahoo must have just updated, the site moved up from #3 to #1 for that keyword. So whoever it is must have decided they like it because apparently they went through that whole particular subdirectory on the site.

I'll have to keep tabs now, and I'm no techie but remembering the months of aggravation last year, if it's the same party, rather than disallow the whole IP again, it might be time to get a little creative.

5:20 am on Nov 9, 2004 (gmt 0)

Full Member

10+ Year Member

joined:Oct 9, 2002
posts:245
votes: 0


This thread [webmasterworld.com] and the link therein indicate that it's microsoft office with "web discussions" enabled.