Welcome to WebmasterWorld Guest from 188.8.131.52
65.210.123.zzz - - [05/Mar/2009:07:28:44 +0000] "GET /MyFolder/MyPage.htm HTTP/1.1" 403 998 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3"
60.230.101.zz - - [05/Mar/2009:07:28:44 +0000] "GET /SameFolder/SamePage.htm HTTP/1.1" 403 998 "http://au.search.yahoo.com/search?p=widgets" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)"
now my block ip list have
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; MSN 9.0;MSN 9.1;MSN 9.6; MSNbMSNI; MSNmen-us; MSNcIA)
I can't recall ever e-mailing re access with MSN folks other than employees using their 'tide' servers so beats me who/what this was. Well, if they come back, they'll have a chance to e-mail for access:)
In other words the MSN user is not using the standard offline browser on their local machine.
Whether this online version offers configuration options (or even the selective portions in your example) is unknown to me.
From what I remember they are a part of Microsoft but are from specific depts like Media, Entertainment that sort of thing. I have not seen any info that suggested they are a problem. They just seem to be operating separately so they can keep track of one specific area and be able to provide users with more information on that one subject.
And my log from those days has all of them like this:
Guest IP: 65.55.107 or 109 or 110.000 Whois
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)
I see from one post up there that this hasn't changed:
Until we put a stop to it we were getting bunches of those busy little fellas/gals.
Don't know if that'll help anyone, but ...
@wilderness: Does that mean it's a real person intentionally or unintentionally doing odd things? (I guess I don't know what 'web-access of their MSN account' means
Somewhere there's another thread in which I inquired regarding these UA's.
I had a portions of my limited white-listing that was denying them access and it was quite difficult to make a determination of precisely what line what was the cause.
I've widget users who are constantly on the road (AOL; aside below) these users need local dial-ups across North America.
(It's similar to users that only use their YAHOO email portal to access the web)
In some instances they use their own laptop in their traveled location and in other instances they may use another's machine.
When they access their MSN account the UA variations are added and are different from when they are home-based. . . and when they access their account without using the MSN web-access-portal (i. e., IE and OE a with direct ISP-POP configurations).
Please forgive me as I'm not aware of terminology for the difference in this access.
Here are five of the added UA's that I accumulated in April 2008 (I've since since more variations):
MSN Optimized;US; MSN Optimized;US
MSN 9.0;MSN 9.1; MSNbMSNI; MSNmen-us; MSNcIA)"
MSN 9.0;MSN 9.1; MSNbMSNI; MSNmen-us; MSNcOTH)"
MSN 9.0;MSN 9.1; MSNbQ002; MSNmen-us; MSNcIA)"
MSN 9.0;MSN 9.1; MSNbVZ02; MSNmen-us; MSNcOTH)"
I've many widget users that have kept AOL accounts for years because of the traveling access of dial-ups.
This past year, I'd simply has enough of AOL (when visitors were refreshing pages 10 or 20 times in succession within second or AOL was caching items (pages and images) that I did not desired cached and place restrictions on AOL visitors.
In the first instance I reported above, the browsing pattern was not similar to that of a real person, so regardless of their UA and the reason for an IP-only access point/portal, 65.54.154.nn, is maybe-suspect.
The second instance, with someone/thing clearly botrunning, makes 65.55.232.nn definitely suspect.
Doing a dual trip ip<->rdns brings up no host so on one server I block access. I checked on some other servers with heavy traffic and all the requests from that ip range belong to bots. I also checked for the UAs Don mentioned, (like MSNmen-us) lots of these requests are people as far I can see they come from all over the place. Few of the requests with these UAs had a bot behavior, so it's not something I rely on to block/allow access.
Even the ip/dns verification has failed in several cases where real people were behind incorrectly configured servers but they did place legit orders.