DDDD DDDD human? - Crawler, Spider, and User Agent ID forum at WebmasterWorld - WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

DDDD DDDD human?

lucy24

11:15 pm on Dec 27, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

There's an earlier thread talking about this UA, but it's a few years old so I thought I'd ask afresh if anyone has become any wiser.

I found this in my logs:

Mozilla/5.0 (000000000; 0; 000 000 00 0 0000000; 00) DDDDDDDDDDDDDDDDDDDD DDDDDDD DDDD DDDDDD DDDDDDDDDDDDD DDDDDDDDDDDDDDD

These were processed logs, so the obvious first thought was that the cat stepped on my keyboard just as I was hitting Return for a global replace. But detour to raw logs showed the identical form, with no referer anywhere to be seen.

Obvious second thought:
<fe>
Gee. Could this possibly be a robot?
</fe>

Further detour [webmasterworld.com] tells me that it isn't; it's intentional human obfuscation. In fact that fits in with the pattern of the visit.

In that earlier thread, jdMorgan tentatively said that the all-zeros version is Safari, while the one with mixed zeros and D's (like mine) is Firefox.

Anyone have any updated wisdom? Possibly starting with: Why would a human want to make themselves look like a robot?

incrediBILL

12:12 am on Dec 28, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Why would a human want to make themselves look like a robot?

I do it all the time to test the defenses of a site. mostly my own code.

They passed, you failed ;)

TBH, if they had included "compatible;" they probably would've slid past my defenses as well.

g1smd

12:22 am on Dec 28, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

The web's a really interesting place if you change the browser UA to Googlebot or Bing or some other well-known thing.

It's amazing how some sites return different content or hide or add stuff. :)

keyplyr

1:33 am on Dec 28, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Instead of redundant D's, I usually see 0's. In fact I see it pretty often.

Pfui

3:32 am on Dec 28, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

UAs with more than three identical consecutive zeros, Ds, or Xs (all no-case) get redirected to an info page with a Mailhide link. My experience is when that kind of obfuscation is 'legit' -- due to security suites' security and/or privacy components -- real people reply.

Obfuscations are not identical, presumably because of the underlying UA. The most recent:

This person initially reported using Safari:

Mozilla/5.0 (000000000; 00000 000 00 0 0000; 000000) DDDDDDDDDDDDDD DDDDDDDDDDD

This person further corresponded using an iPhone so this, too, may have been Safari:

Mozilla/5.0 (000000000; 00000 000 00 0 0000; 00000000) DDDDDDDDDDDDDD DDDDDDDDDDDDD

Depending on their security/privacy app prefs, obfuscation may occur with all browsers on the protected machine. I thus ask the person to either whitelist the site, or quit the app pre-visit. Voila!

dstiles

9:43 pm on Dec 28, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

My experience tends to indicate a UA obfuscated for "security" reasons - ie someone thinks it's a good idea to hide their browser or it's automatically carried out by a firewall or local proxy.

Haven't seen anything really bad from these but I tend to block them anyway.

keyplyr

11:54 pm on Dec 28, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

I believe Norton (Symantec) Security Suite does that.

incrediBILL

2:39 am on Dec 29, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Doesn't matter why they're doing this, it doesn't pass my minimum browser UA filter and they'll secure themselves into a 403 page.