Welcome to WebmasterWorld Guest from 50.19.0.90

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

Songbird/0.1

Botnet, Controlled?

     
2:11 am on Mar 15, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2004
posts:1665
votes: 35


Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060206 Songbird/0.1

comes in bunches from various IPs 5 to 10 seconds apart

seam to access index page, contact and guestbook, no image requests.

172.188.192.n
201.45.221.nnn
201.52.187.nn
201.80.176.nn
209.160.32.nnn
217.159.200.nnn
66.199.242.nn
66.68.43.nn
66.75.52.nnn
68.46.248.nnn
70.244.17.nnn
70.252.137.nnn
72.0.186.nnn
74.57.67.nnn
76.181.17.nnn
84.122.42.nn
84.94.192.nnn
86.20.235.nnn
90.157.152.nnn

I know Songbird is a little App for music, but why post data to guest book and contact page

[edited by: volatilegx at 12:57 am (utc) on Mar. 16, 2007]
[edit reason] obfuscated ip addresses [/edit]

8:21 am on Mar 29, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:May 14, 2003
posts:376
votes: 0


why post data? well, i think you've probably got the right idea with the botnet thing... it is likely a pr0n spammer's botnet attempting to build backlinks... are the requests GETs or POSTs? i've seen many recent attempts at cross site scripting to pull in php shell code to try to root into a system... luckily my SNORT traps them and let's me know about it... if these are done in POSTs, you generally can't see them in the logs... GETs on the other hand do show... in my case, though, SNORT blocks them before they even get to the web server ;)
10:42 pm on Apr 8, 2007 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14621
votes: 85


It's a spambot.

64.246.18.nnn "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060206 Songbird/0.1"

Went directly to a page to POST information, no other accesses.

10:44 pm on Apr 8, 2007 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14621
votes: 85


The IP that I posted was from ev1servers.net, botnet very likely.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members