Welcome to WebmasterWorld Guest from 54.146.201.80

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

ucsb seclab crawler

     
10:24 pm on Jan 10, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2038
votes: 1


Academia should strive to uphold standards, not erode them.

192.35.222.136
ucsb seclab crawler

URI: /
robots.txt? NO

192.35.222.136
= University of California, Santa Barbara, Office of Information Technology
= Threat Level 17 [projecthoneypot.org...]

seclab = The Computer Security Group at UC Santa Barbara = http://seclab.cs.ucsb.edu/
11:14 pm on Jan 10, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5805
votes: 64


Academia should strive to uphold standards, not erode them.


Agreed, however being an academic gives insight that student projects often ignore the very curriculum built from those standards.
11:53 pm on Jan 10, 2012 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


I have 192.35.222/24 blocked since last Jan.
8:40 pm on Jan 14, 2012 (gmt 0)

Junior Member from US 

10+ Year Member

joined:Nov 30, 2002
posts:162
votes: 0


I have 192.35.222/24 blocked since last Jan.

Same here.

A few other characteristics about their connections that stand out:

$_SERVER['HTTP_FROM']='seclab@cs.ucsb.edu';
$_SERVER['HTTP_USER_AGENT']='Python-urllib/2.6';
$_SERVER['HTTP_USER_AGENT']='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)';
11:12 pm on Jan 14, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

joined:Apr 9, 2011
posts:12702
votes: 244


The MSIE 6 alone would get them rewritten to a custom page. "Boy, what a boring site. Every single page just says 'I think I don't like your face'."
3:17 am on Jan 22, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2038
votes: 1


FWIW: Infected machine at the so-called Security Group, too. URI=REF and tried POST to botbait:

192.35.222.29
ucsb seclab crawler

"GET /botbait/ HTTP/1.1" 200
"POST /botbait/ HTTP/1.1" 405 "http://www.example.com/botbait/"
8:58 pm on Jan 22, 2012 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


I blocked that /24 almost exactly a year ago! :)

I see a lot of spam and "hacks" from domains claiming to be "security", most of them from compromised servers. :(
9:02 pm on Jan 22, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


The
urllib
in the UA is more than enough to see all accesses bounced to oblivion here...