Welcome to WebmasterWorld Guest from 54.161.201.189

Forum Moderators: Ocean10000 & incrediBILL

ucsb seclab crawler

   
10:24 pm on Jan 10, 2012 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Academia should strive to uphold standards, not erode them.

192.35.222.136
ucsb seclab crawler

URI: /
robots.txt? NO

192.35.222.136
= University of California, Santa Barbara, Office of Information Technology
= Threat Level 17 [projecthoneypot.org...]

seclab = The Computer Security Group at UC Santa Barbara = http://seclab.cs.ucsb.edu/
11:14 pm on Jan 10, 2012 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Academia should strive to uphold standards, not erode them.


Agreed, however being an academic gives insight that student projects often ignore the very curriculum built from those standards.
11:53 pm on Jan 10, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



I have 192.35.222/24 blocked since last Jan.
8:40 pm on Jan 14, 2012 (gmt 0)

10+ Year Member



I have 192.35.222/24 blocked since last Jan.

Same here.

A few other characteristics about their connections that stand out:

$_SERVER['HTTP_FROM']='seclab@cs.ucsb.edu';
$_SERVER['HTTP_USER_AGENT']='Python-urllib/2.6';
$_SERVER['HTTP_USER_AGENT']='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)';
11:12 pm on Jan 14, 2012 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



The MSIE 6 alone would get them rewritten to a custom page. "Boy, what a boring site. Every single page just says 'I think I don't like your face'."
3:17 am on Jan 22, 2012 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



FWIW: Infected machine at the so-called Security Group, too. URI=REF and tried POST to botbait:

192.35.222.29
ucsb seclab crawler

"GET /botbait/ HTTP/1.1" 200
"POST /botbait/ HTTP/1.1" 405 "http://www.example.com/botbait/"
8:58 pm on Jan 22, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



I blocked that /24 almost exactly a year ago! :)

I see a lot of spam and "hacks" from domains claiming to be "security", most of them from compromised servers. :(
9:02 pm on Jan 22, 2012 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



The
urllib
in the UA is more than enough to see all accesses bounced to oblivion here...
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month