Requests for logfiles

Whois DE

         

caribguy

4:24 pm on Oct 27, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This may or may not be related to the MSN Cloaked Bots [webmasterworld.com] thread, in terms of recent requests for non-existing logfiles.

I saw this pattern for various sites:

http://www.example.com/estadisticas/usage_201007.html
http://www.example.com/statistiche/usage_201007.html
http://www.example.com/logs/usage_201007.html
http://www.example.com/statistik/usage_201007.html
http://www.example.com/stats/usage_201007.html
http://www.example.com/webalizer/usage_201007.html
http://www.example.com/webstat/usage_201007.html
http://www.example.com/webstats/usage_201007.html
http://www.example.com/usage/usage_201007.html

"GET /estadisticas/usage_201007.html HTTP/1.1" 404 123 "http://www.whoisde.de" "Mozilla/5.0 (compatible; [whoisde.de...] +http://www.whoisde.de)"

Originating from: 193.201.54.nnn

193.201.52.0/22 (FirstDedicated Data Communications AG)

Pfui

3:10 am on Oct 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



In mid-September, I saw similar hit patterns (8 hits; 9 hits; reverse chrono below) and log-spamming self-refs via that UA to two disparate sites. (Aside: I don't see any similarities to the other thread's 'MSN bare IPs/cloaked bots' /access_log, etc., thing.)

Mozilla/5.0 (compatible; http://www.whoisde.de/2.1; +http://www.whoisde.de)

/usage/usage_201007.html
/webstats/usage_201007.html
/webstat/usage_201007.html
/webalizer/usage_201007.html
/stats/usage_201007.html
/statistik/usage_201007.html
/logs/usage_201007.html
/statistiche/usage_201007.html
/estadisticas/usage_201007.html

Mozilla/5.0 (compatible; http://www.whoisde.de/2.1; +http://www.whoisde.de)

/usage/usage_201007.html
/statistik/usage_201007.html
/webstats/usage_201007.html
/webalizer/usage_201007.html
/stats/usage_201007.html
/usage2/usage_201007.html
/log/usage_201007.html
/logs/usage_201007.html

Haven't been to the string's site; don't particularly care to. All hosts/IPs hail from German server farms, including abovenet.de and Megaspace.

My solution?

I'm so tired of PHP exploit probes and ZmEu rootkit relays that the CIDR involved above went straight from mod_rewrite 403s to a firewall killfile. (Muaha-ha)

Staffa

10:53 am on Oct 29, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Had one visit today asking for:

/usage/usage_201007.html
/webstats/usage_201007.html
/webalizer/usage_201007.html
/stats/usage_201007.html
/statistik/usage_201007.html
/logs/usage_201007.html
/statistiche/usage_201007.html

Mozilla/5.0 (compatible; [whoisde.de...] +http://www.whoisde.de) - [whoisde.de...]

coming from two different IP nrs of the 62.80.124.nnn range

inetnum: 62.80.124.0 - 62.80.127.255
netname: MEGASPACE
descr: Megaspace
country: DE

Dijkgraaf

12:19 am on Nov 1, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, I had a visit from that one on the 6th of September from 62.80.126.nnn
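
The probe pattern reported in the posts above can be found in an Apache combined-format access log with a short script. This is an added example, not code from any poster in the thread; it flags clients that receive 404s for `usage_YYYYMM.html` under several different directories and lists directories where such a report was actually served. The sample log lines, the documentation-range IPs and the threshold of three directories are constructed assumptions.

```python
import re
from collections import defaultdict

# Apache combined log format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)
# Report name requested in the thread: /<directory>/usage_YYYYMM.html
PROBE_RE = re.compile(r'^/(?P<dir>[^/]+)/usage_\d{6}\.html$')

def probe_hits(lines):
    """Yield (ip, directory, status) for every request matching the probe pattern."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        p = PROBE_RE.match(m["path"].split("?", 1)[0])
        if p:
            yield m["ip"], p["dir"].lower(), int(m["status"])

def find_stats_probers(lines, min_dirs=3):
    """Map each IP to the directories it probed, if it got 404s in >= min_dirs of them."""
    seen = defaultdict(set)
    for ip, directory, status in probe_hits(lines):
        if status == 404:
            seen[ip].add(directory)
    return {ip: sorted(ds) for ip, ds in seen.items() if len(ds) >= min_dirs}

def exposed_reports(lines):
    """Directories where a report was served (200): candidates for access control."""
    return sorted({d for _, d, status in probe_hits(lines) if status == 200})

# Constructed sample data (IPs from documentation ranges; UA string as quoted in the thread).
UA = "Mozilla/5.0 (compatible; http://www.whoisde.de/2.1; +http://www.whoisde.de)"

def _line(ip, path, status, ua=UA, ref="http://www.whoisde.de"):
    return (f'{ip} - - [28/Oct/2010:03:10:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 123 "{ref}" "{ua}"')

SAMPLE_LOG = (
    [_line("192.0.2.10", f"/{d}/usage_201007.html", 404)
     for d in ("usage", "webstats", "webalizer", "stats", "logs")]
    + [_line("198.51.100.7", "/stats/usage_201007.html", 200, ua="Mozilla/5.0", ref="-"),
       _line("198.51.100.8", "/stats/usage_201007.html", 404, ua="Mozilla/5.0", ref="-"),
       _line("198.51.100.8", "/favicon.ico", 404, ua="Mozilla/5.0", ref="-")]
)

if __name__ == "__main__":
    print("probers:", find_stats_probers(SAMPLE_LOG))
    print("exposed:", exposed_reports(SAMPLE_LOG))
```

A directory returned by `exposed_reports` means the statistics pages are publicly readable, which is the condition these requests are looking for.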