ucsb seclab crawler

         

Pfui

10:24 pm on Jan 10, 2012 (gmt 0)


Academia should strive to uphold standards, not erode them.

192.35.222.136
ucsb seclab crawler

URI: /
robots.txt? NO

192.35.222.136
= University of California, Santa Barbara, Office of Information Technology
= Threat Level 17 [projecthoneypot.org...]

seclab = The Computer Security Group at UC Santa Barbara = http://seclab.cs.ucsb.edu/

keyplyr

11:14 pm on Jan 10, 2012 (gmt 0)


Academia should strive to uphold standards, not erode them.


Agreed; however, being an academic gives insight that student projects often ignore the very curriculum built from those standards.

dstiles

11:53 pm on Jan 10, 2012 (gmt 0)


I have 192.35.222/24 blocked since last Jan.

upside

8:40 pm on Jan 14, 2012 (gmt 0)


I have 192.35.222/24 blocked since last Jan.

Same here.

A few other characteristics about their connections that stand out:

$_SERVER['HTTP_FROM']='seclab@cs.ucsb.edu';
$_SERVER['HTTP_USER_AGENT']='Python-urllib/2.6';
$_SERVER['HTTP_USER_AGENT']='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)';

lucy24

11:12 pm on Jan 14, 2012 (gmt 0)


The MSIE 6 alone would get them rewritten to a custom page. "Boy, what a boring site. Every single page just says 'I think I don't like your face'."

Pfui

3:17 am on Jan 22, 2012 (gmt 0)


FWIW: Infected machine at the so-called Security Group, too. URI=REF and tried POST to botbait:

192.35.222.29
ucsb seclab crawler

"GET /botbait/ HTTP/1.1" 200
"POST /botbait/ HTTP/1.1" 405 "http://www.example.com/botbait/"

dstiles

8:58 pm on Jan 22, 2012 (gmt 0)


I blocked that /24 almost exactly a year ago! :)

I see a lot of spam and "hacks" from domains claiming to be "security", most of them from compromised servers. :(

g1smd

9:02 pm on Jan 22, 2012 (gmt 0)


The urllib in the UA is more than enough to see all accesses bounced to oblivion here...
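
The connection characteristics reported across this thread, combined into one access-log check. This is an added example, not code from any poster; the Apache combined log layout, the signal names, and the sample lines are assumptions, and only the addresses, paths, and user-agent strings come from the posts.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Signals taken from the posts above; the log layout (Apache combined) is assumed.
BLOCKED_NET = ipaddress.ip_network("192.35.222.0/24")
UA_MARKERS = ("ucsb seclab crawler", "python-urllib", "msie 6.0")
BAIT_PATH = "/botbait/"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

SAMPLE_LOG = [  # constructed lines for illustration
    '192.35.222.136 - - [10/Jan/2012:22:01:07 +0000] "GET / HTTP/1.1" 200 5120 "-" "ucsb seclab crawler"',
    '192.35.222.29 - - [22/Jan/2012:03:10:41 +0000] "GET /botbait/ HTTP/1.1" 200 310 "-" "ucsb seclab crawler"',
    '192.35.222.29 - - [22/Jan/2012:03:10:42 +0000] "POST /botbait/ HTTP/1.1" 405 0 "http://www.example.com/botbait/" "ucsb seclab crawler"',
    '198.51.100.7 - - [22/Jan/2012:03:11:00 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "ExampleBot/1.0"',
    '198.51.100.7 - - [22/Jan/2012:03:11:02 +0000] "GET /about.html HTTP/1.1" 200 2048 "http://www.example.com/" "ExampleBot/1.0"',
]

def classify(lines):
    """Map each flagged client IP to the sorted list of signals it matched."""
    signals, fetched_robots = {}, set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, path = m["ip"], m["method"], m["path"]
        found = signals.setdefault(ip, set())
        if path == "/robots.txt":
            fetched_robots.add(ip)
        try:
            if ipaddress.ip_address(ip) in BLOCKED_NET:
                found.add("blocked-net")
        except ValueError:
            pass  # hostname logged instead of an address
        if any(marker in m["ua"].lower() for marker in UA_MARKERS):
            found.add("ua")
        if path.startswith(BAIT_PATH):
            found.add("bait-post" if method == "POST" else "bait")
        if m["ref"] != "-" and urlsplit(m["ref"]).path == path:
            found.add("uri-equals-referer")
    # Browsers never fetch robots.txt, so its absence counts only against
    # clients that already matched another signal.
    return {ip: sorted(found | ({"no-robots"} if ip not in fetched_robots else set()))
            for ip, found in signals.items() if found}

if __name__ == "__main__":
    for ip, found in classify(SAMPLE_LOG).items():
        print(ip, ", ".join(found))
```

The MSIE 6.0 and urllib markers will also match unrelated clients, so treat the `ua` signal as a reason to look closer unless it appears alongside another signal.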