Welcome to WebmasterWorld Guest from 54.204.165.156

Forum Moderators: Ocean10000 & incrediBILL

the art-loving iPad

   
4:28 am on Nov 10, 2012 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



You know that nebulous feeling that something is Not Right, but nothing is jumping up and hitting you in the face?

After some serious work with Regular Expressions, I've established that since late September, a seemingly normal iPad has been helping itself to my jpgs. Make that: a botnet all dressed up as iPads.

Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25

except for a few recent ones that had upgraded to
Mozilla/5.0 (iPad; CPU OS 6_0_1 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A523 Safari/8536.25

Both UAs are identical to my own iPad in the same time period.

No two IPs alike, and never more than one image on a visit-- except for one that was locked out and therefore tried eight times. (Can't for the life of me figure out why it was blocked, but I'm not complaining.) Come from all over the globe; in fact the only thing they have in common is that I've never met any of the IP ranges before.

Some images seem to be more popular, but no discernible pattern. Always jpg, no png or gif. In particular: no apple-touch-icons, which are png.

They're not returning to pick up images they saw on some earlier visit-- unless every single one used a completely different IP (I look for a.b.c. only), which stretches credulity.

Can anyone think of a perfectly legitimate explanation? Otherwise I'm inclined to rewrite them all to my one-pixel transparent gif. Request for jpg, no referer, user-agent iPad.
8:59 am on Nov 10, 2012 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Possibly a game used by iPad owners. I block some games or audio players that look for album cover art that were scraping my musician photos.

Or just an image scraper that was written using that iPad UA. I've never been able to figure out how they know the files names or where to look.
11:27 am on Nov 10, 2012 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



lucy,
I've had some extensive activity in which the "party" returns within 15-30 minutes after the initial visit to grab an single-image that was linked on the page they previously visited.

(some of my pages have links from thumbnails to larger images, while others don't, even in a directory which uses a large quantity of thumbnails).

I don't care for the method, however the only reasonable solution was to deny the UA based upon the IP and that seemed an never-ending task.

I've yet to have one return in the 15-30 minute time frame and grab multiple images.
1:24 pm on Nov 10, 2012 (gmt 0)

WebmasterWorld Administrator 5+ Year Member Top Contributors Of The Month



Maybe "Pinners" using Pinterest or some similar "service"?
9:16 pm on Nov 10, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



There used to be (possibly still is) a random grid of hot-linked images on a Linux desktop - can't remember the name of it now but it used favicons and was a real pain to block (ended up moving all favicons out of the home directory).

Have to say this isn't Lucy's problem but maybe similar?
4:21 am on Nov 12, 2012 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Postscript:

And no sooner do I block-- or rather rewrite-- the jpg + iPad + no-referer configuration, than this other UA with identical behavior comes into sharp focus:

Google/2.5.1.13455 CFNetwork/609 Darwin/13.0.0

Until recently I'd had "Darwin" blocked. I unblocked it because it seemed to be involved in some kind of legitimate activity. Cursory glance through raw logs brings up an assortment of

{something-or-other-here}/{numbers} CFNetwork/{more numbers} Darwin/{version number}

When the something-or-other is MobileSafari, it's a request for the apple-touch-icon. I know this is legit, because I find it connected to my own iPad visits.

:: off to edit htaccess ::
6:26 pm on Nov 12, 2012 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I block all flavors of CFNetwork. It's an image grabber used on the various Apple appliances, highly abused. I only allow it to get the apple icons.
6:36 pm on Nov 12, 2012 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



ditto to cfn.

from 2004:
64.110.237.zz - - [19/Sep/2004:07:27:54 -0700] "GET /MyFolder/MyImage.jpg HTTP/1.0" 200 1833 "-" "CFNetwork/1.1"
 

Featured Threads

Hot Threads This Week

Hot Threads This Month