Welcome to WebmasterWorld Guest from 220.127.116.11
00.0.000.000 - - [02/Aug/2007:04:15:41 -0400] "GET /forum/style_imag HTTP/1.1" 404 2941 "http://127.0.0.1:4664/preview?event_id=131568&schema_id=2&q=runtz5&s=000000000000000000000000000" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20070725 Firefox/22.214.171.124"
Note that I have edited the suspicious servers IP.
What ever application this is caused many 404 errors while attempting to access the directory listing of images directories.
I searched Goo and Msn but only found server logs referencing it but no word on what software application it is.
I'm not sure why?
Best thing you could do is deny the range, although that wouldn't remove the long request lines from your logs.
It's just somebody running some type of local script on their machine ""http://127.0.0.1".
There are many different types of scripts in various languages that are run and we never really find an answer to what exactly the script does.
In many instances we're able to determine a software name, however even that doesn't provide what the script is actually doing or "looking for".
"Note that I have edited the suspicious servers IP."
I'm not sure why?
I edited the IP address because people here freak out when you use real life examples.
I can deny it using Mod Security. Denying by IP would be inefficient as there are apparently many IP addresses using this software out in the wild.
I was just curious as to what this thing is. It was trying to access a image directory for a forum which is the default images used by thousands of other boards.
Experience has taught me to take an action against visitors whose procedures are not within the guidelines of acceptable practices.
As a result "should" a visitor or visitors make an attempt to harvest images from my image directory (or any other directory)I would initiate an action aganist both the User Agent and the IP range.
The above makes for sound security, after all, why allow access to a visitor that is either looking for flaws in site (s) or attemtping a hack or harvesting.