1. Home
  2. Forums Index
  3. General SEO Issues / Crawler, Spider, and User Agent ID 12:20 am May 5, 2026

Forum Moderators: open

Message Too Old, No Replies

Firefox 6 attack

testing my site?

         

incrediBILL

7:32 am on Feb 13, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Here's a sample of some little attack that hit my radar which I found quite amusing.

All the same UA, all had the same flaw that caused them to get caught, most came from consecutive IPs in Germany, Sweden and a few other countries. The one I found most interesting was the Georgia IP was from a university, compromised or the source of the bombardment?

And it all happened quickly, within a minute, stress testing my scripts perhaps?

2012-02-12,00:38:09,83.140.95.58,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:11,83.140.95.53,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:22,83.140.95.64,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:31,83.140.95.65,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:35,83.140.95.40,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:35,186.153.181.226,Argentina,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:37,80.248.233.152,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:40,80.248.233.136,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:42,46.59.93.205,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:43,46.59.93.209,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:44,46.59.93.208,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:45,46.59.93.201,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:46,46.59.93.203,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:48,46.59.93.210,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:49,46.59.93.204,Germany,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:50,80.248.238.152,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:51,217.147.231.50,Georgia,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:52,80.248.239.130,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:53,80.248.239.133,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:54,80.248.239.126,Sweden,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html
2012-02-12,00:38:59,218.189.26.158,Hong Kong,"Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0",/index.html

Anyone tracking anything like this?

wilderness

8:30 am on Feb 13, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Bill,
Nothing like that, however I've something unique.
Since not having any logs to work with, I've been a bit less active.

I deplore browser changes on my own machines and stuck with FF 3.6 despite many newer versions.
Recently I upgraded to 7.01.
I only use a few piug-ins.

Had automated requests in my logs from ASK (using my own IP) and I wasn't aware that I had any Ask tool bar installed.

My FF UA
"Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"

The requests (four minutes after exiting the page and my own IP)
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; AskTbFXTV5/5.12.2.16749; .NET CLR 1.1.4322)"

After some poking around on the WWW. There are some suggestions that this toolbar is related to the Avira AV, which I use. It seems Avira is installing this TB in the FREE version of their software automatically and without notification.

There are some Ask references in the FF about:config, however nothing I could see to warrant change.

However, and to be fair, I've been editing loads of web pages with an older html software, and likely should be doing so offline, so that absolute links would not function.

Still, who'd ever thought ;)

wilderness

8:41 am on Feb 16, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Speaking of compromised machines:

205.188.116.zzz - - [16/Feb/2012:07:56:17 +0000] "GET /MyFolder/MySub/MyPage.html HTTP/1.1" 403 533 "http:/example.com/smf/index.php?topic=00000.0" "Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.5; AOLBuild 4337.5401; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDC; .NET4.0C; ShopperReports 3.0.497.0; SRS_IT_E8790571B5765E543FAD97; BRI/1; BRI/2; FunWebProducts; AskTbORJ/5.13.1.18107)"
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. General SEO Issues / Crawler, Spider, and User Agent ID 12:20 am May 5, 2026