Forum Moderators: open
After someone apparently used a browser to visit MSN's Astrology / Chinese Readings page -- which does not have a link to my site, btw -- "TAIS Pinger" simultaneously looked for MSN's files on my server:
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /images/Top_piece.gif HTTP/1.1" 302 227
"<url snipped>"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /msn/images/bulletSq.gif HTTP/1.1" 302 227
"<url snipped>"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /css/astrocenter.css HTTP/1.1" 302 223 "-" "TAIS Pinger"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /msn/JS/ast.js HTTP/1.1" 302 223 "-" "TAIS Pinger"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /images/signs/Monkey.gif HTTP/1.1" 302 227
"<url snipped>"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /images/spacer.gif HTTP/1.1" 302 227
"<url snipped>"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /images/bulletSq.gif HTTP/1.1" 302 227
"<url snipped>"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /msn/images/spacer.gif HTTP/1.1" 302 227
"<url snipped>"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /images/CenterLogoMx9.gif HTTP/1.1" 302 227
"<url snipped>"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /images/signs/ch_Monkey.gif HTTP/1.1" 302 227
"<url snipped>"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /images/gradAq.gif HTTP/1.1" 302 227
"<url snipped>"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
example.com - - [25/Apr/2006:10:12:20 -0700] "GET /images/Chinese_titlebar.gif HTTP/1.1" 302 227
"<url snipped>"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
(Note: I custom error-redirect all 404s, thus the 302s.)
Aside from hits in logs, the only G info I found re "TAIS Pinger" was here [72.14.203.104] (emphasis mine):
>>
We're running ISA Server 2004 on Windows 2003 Server with SQL Logging and
want to query the log for only the first domain page that they hit on a site
or, if necessary, each new page that they hit on the site so that we can
identify users->pages with a minimum of storage.
What can we query on to do this? Have tried the following, but with only
limited success:
left(uri,4) <>".jpg" And left(uri,4)<>".gif"... and ClientUserName <> "anonymous" and ClientAgent <> "TAIS Pinger"
<<
Poor ID, loose with privacy (I know a lot of my regulars by Host/IP), no info, nothing but errors means (wait for it:) --
Ban-worthy in my book.
[edited by: volatilegx at 4:16 pm (utc) on April 26, 2006]
[edit reason] removed URLs [/edit]
(Note: I custom error-redirect all 404s, thus the 302s.)
Warning: That's a pretty serious error, returning a 302 instead of a 404. That tells the requestor that the requested URL *is* available from your server. You should return either a 404, a 410, or a 403, and nothing else.
Jim
I know you're right and that my 302 thing drives you nuts, Jim (sorry!) and that it's technically Not a Good Thing to do. But -- there's always a but -- it's kind of like a Death Row appeal for all visitors in case there's an innocent (read: real person) in the bunch.
(Having an htaccess file compiled of way too many sections cobbled together over way too many years makes me inclined to err on the lenient side, particularly when I'm tweaking things, which is way too often.)
If it's any, erm, consolation, in the last week or so I've been head-banging [webmasterworld.com] over beefing up my SetEnv sections so I can send all of the Known Bad Guys straight to server-generated 403 purgatory.
And I can't tell you how many times I've referred to your regex recap [webmasterworld.com] cum mantra:
^Agent = Must start with "Agent" (may be followed by any number of characters)
Agent$ = Must end with "Agent" (may be preceded by any number of characters)
^Agent$ = Must exactly match "Agent" (no additional characters allowed for a match)
Agent = Must contain "Agent" (may be preceded or followed by any number of characters)
So thank you for that, and for slapping me upside the head (yet again:) about the 302s. And please know that I really am sorting out (read: learning) how to send the proper codes to the bona fide Bad Guys.
Now if I can only figure out what in the heck to do with the now-constant "partials [webmasterworld.com]." Plus I'm now getting loads of real people via 'bad' (never asked for robots.txt) Google IPs. So many hits that I ended up removing a bunch of G's IPs from SetEnv because real people were getting 403s. So now they get 302s --
(SLAP)
Hey! I'm workin' on it! I'm workin' on it!
: )
