Mozilla/4.0 (compatible; ICS)

Forum Moderators: open

Message Too Old, No Replies

Mozilla/4.0 (compatible; ICS)

What does ICS stand for?

SteveWh

3:52 pm on Jan 15, 2011 (gmt 0)

I'm studying the advisability of banning the UA

"Mozilla/4.0 (compatible; ICS)"

Requests sometimes come in swarms of thousands, for the same page, in a short amount of time from a single IP. The single IP varies, however; that is, the swarm comes from one IP, but the IP varies.

The few I've researched look like individual broadband internet connections (cox, verizon, etc.), so I'm guessing these are hacked PCs.

There are lots of non-swarm requests from this UA from other IPs. I'm somewhat worried that those might be legitimate requests that a ban would unfortunately block, but there's *never* a referer on any of them, which makes me somewhat less worried.

Any perspective from anyone else?

Does anyone know what "ICS" stands for? The only thing I've found that looks like a candidate is Novell iChain Cool Solutions. [novell.com...]

wilderness

5:55 pm on Jan 15, 2011 (gmt 0)

Integrated Computer Solutions.

Try the letters for the domain.

The UA is merely a cache footprint.

There's certainly not any reason that couldn't use either the complete UA and/or multiple portion (i. e., begins with and ends with) for a denial, which would reduce the chance of innocents.

dstiles

9:41 pm on Jan 15, 2011 (gmt 0)

I block ICS UAs and have seen no complaints or adverse action because of it. They generally seem to come from different IPs for a given period of time.

SteveWh

10:24 pm on Jan 15, 2011 (gmt 0)

Thank you both. I decided to go ahead and block the exact full UA in my first post, but not be any more aggressive than that unless new variations turn up.

frontpage

11:02 pm on Jan 17, 2011 (gmt 0)

I have the UA blocked as well. No one has ever complained so I am pretty sure they are bots.