Forum Moderators: open
I've them crawling during may of 2008, and denied since then.
However, not sure I recall seeing one of their users switch both UA's and IP's (West coast to East Coast) this fast?
Poked around on their website for a geographical area coverage without success.
64.184.179.zz - - [14/Jan/2009:16:40:51 -0600] "GET /folder/SubFlder/mypage.html HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3"
74.77.104.zzz - - [14/Jan/2009:16:40:51 -0600] "GET /SameFolder/SameSubFlder/Samepage.html HTTP/1.1" 200 39385 "http://www.google.com/search?hl=en&rlz=1G1GGLQ_ENUS302&q=on+topic+search+widget" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)"
<CSS and page images>
64.184.179.zz - - [14/Jan/2009:16:40:53 -0600] "GET /favicon.ico HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3"
74.77.104.zzz - - [14/Jan/2009:16:40:53 -0600] "GET /favicon.ico HTTP/1.1" 200 318 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)"
It used the same malformed UA as yours and likewise got a 403 for all requests.
No IP switching in my case - but your second example seems to be RoadRunner.
Lots of odd behaviour comes from there, I assume proxy related (but just guessing).
...
"Mozilla/4.0 (compatible; MSIE 4.0; Windows NT; ....../1.0 )"
Aye to "RoadRunner" and Buffalo-RR at that. Part of the attention focus (besides the UA change) was the change from coast-to-coast in providers.
maybe you have the honor of being blacklisted by the black hats.
Nah.
More than likely my site doesn't fit the profile they're looking for like it did with the PhotoCart attacks.
The UA is Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3
[edited by: incrediBILL at 8:29 pm (utc) on Jan. 19, 2009]
[edit reason] removed specifics [/edit]
Let's keep on topic, thanks :)
