Possibly someone using Opera. Versions of Opera that display AdSense ads within the Opera browser will cause Mediapartners to visit any URL entered, regardless of whether the URL exists.

The host was 'crawler8.googlebot.com' and the UA is
'Mediapartners-Google/2.1 (+http://www.googlebot.com/bot.html)'

[webmasterworld.com...]

bcolflesh

I must be missing something, and heavens knows that is highly possible. My concern is not Mediapartners, it is the fact that it is saying it visited /?CFSplashed=yes. Since I don’t have FastClick and I have suspended all my adwords, about 2 weeks ago, I didn’t see any relevance to the link. What am I missing? I don't have a splash page. Is CF standard for something?

I don't know what the query string is looking for (ColdFusion page?), but you're not the only one:

google.com/search?q=%3FCFSplashed%3Dyes&hl=en&lr=&ie=UTF-8&filter=0

OK, I don't use CF either, obviously, duh! ;-)

What's puzzling me is that I see CFSplashed=yes after image filenames. For example : image.jpg?CFSplashed=yes

Why on earth would CFSplashed=yes be appended to a filename?

I've also noticed that most of the sites that I found indexed with CFSplashed=yes in the query string are government sites.

Well I have back links from NASA, and several .gov intranets, but I doubt they are running adwords or adsense.

Well I have back links from NASA

I'd give anything for your link pop :P

but I doubt they are running adwords or adsense.

Maybe we should ask GoogleGuy :D

What is the User Agent logged for those page views? Anyone can append a query string to any URL. Why they'd append what they did is a different question.

See my earlier message in the thread about Opera and post the User Agents for any and all calls to those pages with those query strings, with the exception of those from Mediapartners. Keep in mind the lag between a visit to a page and Mediapartners coming by can be anywhere from a few minutes to many hours so make sure you grep your logs far enough back.

Did you read msg #3?

Possibly someone using Opera. Versions of Opera that display AdSense ads within the Opera browser will cause Mediapartners to visit any URL entered, regardless of whether the URL exists.

Even images?

bcolflesh, yes, I read message #3. It's possible I'm confused, but here's the scenario I'm talking about.

User visits page with the version of Opera browser that shows AdSense ads [opera.com] within the browser. Instead of entering the URL expected by the webmaster of the site the user clicks a link or manually enters a URL with the querystring "?CFSplashed=yes" appended.

If that exact URL has never been visited by the Mediapartners bot (or sometimes if it hasn't visited it recently), it triggers it to visit at some point in the future, between a few minutes and many hours later.

The Mediapartners bot visits and is logged by the web server.

What I am suggesting is digging back farther in the web server logs for all requests for that exact URL to see whether an Opera browser user made the initial visit.

I probably should have said earlier that I've noticed the same thing on one of my sites (page with invalid querystring visited by Mediapartners and Opera was why, though I don't know *why* the user ever manually appended an odd querystring or if it wasn't manual what caused it).

[edited by: richmondsteve at 7:58 pm (utc) on Dec. 3, 2003]

panic, I haven't seen Mediapartners spider image files so I'm not sure. I removed logging of images, CSS, etc. from my log files on my servers hosting sites using AdSense so I can't even check. That does sound odd, since it should only visit a page that load's Google's remote JS code. It's technically possible to map files with image file extensions to HTML/Perl/PHP/C++/ASP, etc. though I think that has nothing to do with what the original poster brought up.

I just know that after the last update, I do not have any confidence or respect for G or their people. And since they are as big as they are, and as I see it M$ all over again, it scares the h*ll out me when I see something like this.

I mean they are so important now that the can change standards like robots.txt. It should be UA the a list of dissallows, but with mediabot, it is 180 degrees out of phase. That alone made me lose some respect for them. They should have said create a google.txt file with x, y, and z commands. Those alone sums up something.

I'm just trying to help you find out if it was due to an Opera user. Worst case you can investigate and rule it out. Conspiracy theories are fun...

Thanks, but I don't think it was an Opera user. The UA said it was the mediabot, (that's what I call it cause the real name is too long to keep typing), and it visited a splash page that I do not have, created by software that not only do I not own or have, but have never even seen.

You can spoof a Opera user as an IE user. Infact the default settings in Opera recent versions are spoofed as IE.

Yea but this was Mediapartners-Google/2.1 not Opera or IE and the IP was G's. So someone would have to do a lot of spoofing to pull a joke on me? Why waste their time. It really would not be that funny.

think that has nothing to do with what the original poster brought up.

The same could be said for all of your posts, richmondsteve.

Yea but this was Mediapartners-Google/2.1 not Opera or IE and the IP was G's. So someone would have to do a lot of spoofing to pull a joke on me? Why waste their time. It really would not be that funny.

I doubt anyone would do that, unless they were ridiculously bored, and they decided to do that to other people 4 months prior.

You might just be worrying yourself over nothing, but with Google, you just never know anymore.

>>but with Google, you just never know anymore<<

Well, not anymore anyway.

panic wrote:

The same could be said for all of your posts, richmondsteve.

panic, I wasn't criticizing you - I was just stating that even though files with image file extensions like .jpg could trigger Mediapartners I believe it would have to be the result of a .jpg file really being something other than an image, calling the AdSense JS code, which I assumed wasn't the case since you probably would have mentioned that if it was. It's possible something else could cause it, which is why I said I wasn't sure.

The scenario I described in message #14 has been confirmed to result in Mediapartners visits even if the page has never had AdSense on it. I've seen it, so have others.

Relevant WebmasterWorld thread on AdSense and Opera and the behavior I was describing [webmasterworld.com]

I realize that jim_w doesn't think it was triggered by an Opera user b/c the UA he saw reads Mediapartners-Google/2.1 (because it probably was Mediapartners), but the key is whether another machine accessed the page at some point prior to that and whether it was an Opera user (though if the HTTP_REFERER was set to something else by the user it would be hard to know for sure whether it was Opera).

jim_w, why not humor me and check your logs for *any* visits to that exact URL, with the same query string at some point in the past. I've seen the same behavior happen on one of my sites with 2 different causes - 1. an Opera user (that part I confirmed) who visited a page on my site that never had AdSense enabled and 2. someone who manually added in a stupid query string (best guess since there was no HTTP_REFERER) on a page that *did* have AdSense.

Steve, consider yourself humored. ;-))

There is no other reference to CFSplashed in my logs going back 4 months.

Here is the actual log entry.

crawler8.googlebot.com - - [02/Dec/2003:14:32:00 -0500] "GET /?CFSplashed=yes HTTP/1.0" 200 29759 "-" "Mediapartners-Google/2.1 (+http://www.googlebot.com/bot.html)"

Ok the number of bytes taken, 29759, is about the size of my index.html w/o graphics. 200 says it found CFSplashed=yes, but it could not have.

Beats me.

I'm humored. ;-) Thanks, jim_w! That rules out the two situations I'd seen. Out of curiosity I just parsed the logs of one of my sites going back to November 1. I had 5 visits (2 of which were today) from Mediapartners which called 5 separate valid URLs from the site, but with similar odd query strings appended that are not used on the site and if accessed previously, it was before I had ever touched AdSense because I checked for them going back to late June.

The query strings aren't the same as yours, but what you found and what I found could be related.

All were from 64.68.87.66 and 64.68.87.69, UA of Mediapartners-Google/2.1 (+http://www.googlebot.com/bot.html) and query strings like:

?cf0B1E0561=Q0NJQ1xUSmFja3NvbjpyZWEsbW50bG06FC
hMxrQkXgsnCET5sgWo7w==

?cf0A468C36=QkFZNVIxXGV4bmrpOmJheDVyMTq3QDMRMuZeLxHm9+NJ3Hin

I'm stumped. I'd love to know why, but it's very infrequent and it doesn't appear to be hurting anything. Odd.

Hi,

this thread made me register, try base64_decode the code!

it tells that a user named => Jackson
Using a => HTTP relam
based on => NTLM

and some more....

btw)
i 99% think it is Froogle, and not google!
try:
[froogle.google.com...]

please let me know...