Welcome to WebmasterWorld Guest from 54.242.206.44

Forum Moderators: Ocean10000 & incrediBILL & keyplyr

Message Too Old, No Replies

ucsb seclab crawler

     
10:24 pm on Jan 10, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2038
votes: 1


Academia should strive to uphold standards, not erode them.

192.35.222.136
ucsb seclab crawler

URI: /
robots.txt? NO

192.35.222.136
= University of California, Santa Barbara, Office of Information Technology
= Threat Level 17 [projecthoneypot.org...]

seclab = The Computer Security Group at UC Santa Barbara = http://seclab.cs.ucsb.edu/
11:14 pm on Jan 10, 2012 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6092
votes: 75


Academia should strive to uphold standards, not erode them.


Agreed, however being an academic gives insight that student projects often ignore the very curriculum built from those standards.
11:53 pm on Jan 10, 2012 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3100
votes: 3


I have 192.35.222/24 blocked since last Jan.
8:40 pm on Jan 14, 2012 (gmt 0)

Junior Member from US 

10+ Year Member

joined:Nov 30, 2002
posts:162
votes: 0


I have 192.35.222/24 blocked since last Jan.

Same here.

A few other characteristics about their connections that stand out:

$_SERVER['HTTP_FROM']='seclab@cs.ucsb.edu';
$_SERVER['HTTP_USER_AGENT']='Python-urllib/2.6';
$_SERVER['HTTP_USER_AGENT']='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)';
11:12 pm on Jan 14, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:12999
votes: 289


The MSIE 6 alone would get them rewritten to a custom page. "Boy, what a boring site. Every single page just says 'I think I don't like your face'."
3:17 am on Jan 22, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2038
votes: 1


FWIW: Infected machine at the so-called Security Group, too. URI=REF and tried POST to botbait:

192.35.222.29
ucsb seclab crawler

"GET /botbait/ HTTP/1.1" 200
"POST /botbait/ HTTP/1.1" 405 "http://www.example.com/botbait/"
8:58 pm on Jan 22, 2012 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3100
votes: 3


I blocked that /24 almost exactly a year ago! :)

I see a lot of spam and "hacks" from domains claiming to be "security", most of them from compromised servers. :(
9:02 pm on Jan 22, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


The
urllib
in the UA is more than enough to see all accesses bounced to oblivion here...
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members