Forum Moderators: open
UA - Comodo HTTP(S) Crawler - [instantssl.com...] [whichssl.com...]
IP - 81.2.119.210
Just wanted to know if anyone had any info about this crawler.
Maybe forum spammer too.
217.228.9.195 - - [29/Apr/2003:18:40:16 +0100] "HEAD / HTTP/1.1" 200 0 "http://traffixer.com/instantssl.html" "InstantSSL Browser: low cost fully validated SSL + free trial"
Not sure, but my guess is that you are being hit by a log spammer.
In a seperate discussion in this same forum, Littleman has suggested not posting log spammers messages. Not to get on you- there is not an "official" policy on this sort of thing. I just wanted to note that as we see more log spammers, the powers that be may want to take a look at instituting a policy on including full UA's for log spammers (or potentional log spammers).
I have a feeling we are gonna see a lot more of this!
I have a feeling we are gonna see a lot more of this!
Ooohhh yeah. Had one last night from a firewall company and I promptly fired off a message regarding the 'no-no'(s) of log file spamming.
Their reply was that I did not know how to read my access_log files and how I shouldn't call it 'spam' if I didn't know what I was talking about. <chuckle> Go ahead, tell me I'm wrong......
Sent him this...
[google.com...]
...in response. That was the last I heard anything from them. :)
Pendanticist.
Chuckle is right! You- not know how to read your logs? Double-chuckle!
I notice- at least in your excerpt- he did not DENY that he was spamming... Triple-cahort!
I was just discussing with Jim via PM's the order of blocking UA's in one's htaccess or httpd.conf file.
Once I notice a log spammer.... thier UA is the FIRST thing in my hierarchy of block lists/mod_rewrites. I do NOT 403 them- then they would still be in my logs. I give them a "wait 30" and then a "wait 30" then I send them off to a black hole... waste their time, and they NEVER hit my logs at all.
dave
