Welcome to WebmasterWorld Guest from 54.162.240.235

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

Target Domain in Useragent string

new to me

     
2:37 pm on Feb 2, 2014 (gmt 0)

Top Contributors Of The Month



I got visited by this bot:

NetzCheckBot/1.0 (security seal; <<my domain name>>.netzcheck.com; bot@netzcheck.com)

from OVH France (yeah, I know): 5.135.8.81

They registered their domain 2 weeks ago.
Showed up on ProjectHoneyPot last week.
Showed up on BotsVsBrowsers on the 29th.
Visited me yesterday, and were automatically blocked by my filters.

But they put the domain of the site they visit in their UA, which is the only reason I list it here, as that's something out of the ordinary. I have seen other sites do it in the past.
I'm really not into blacklisting, but behaviour that is out of the ordinary (like the above) is probably worth noting.

If nothing else, if you automatically report new UAs anywhere, you might want to watch for your domain name in them - otherwise you might publicly identify yourself as a source of such reports. Newsblur is conspicuously absent from botsvsbrowsers, so I assume BvB are filtering those out.
5:44 pm on Feb 2, 2014 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



But they put the domain of the site they visit in their UA, which is the only reason I list it here, as that's something out of the ordinary.


Actually there are a ton of sites out there trying to leverage domain names like the 49ers digging for gold back in the day. I started to put out a list of all of them once upon a time and found them like cockroaches popping up faster than I could list them all.

Some of them either share a database or scrape each other plus it looks like a bunch of them are all the same operator with a pile of different host domains trying to clog the SE so that every time you look for a domain name or certain keywords they choke the list of results.

Damned annoying litter is what it is and I wish Google would kill them all as they're worse than useless, literally internet trash scattered about much like the paper fliers strewn all over sidewalk on The Strip in Vegas.

FWIW, some UAs are crafted to be found in the SE index from sites that don't protect their log analysis pages and those pages end up getting indexed in Google and provide marketing and links for these nitwits.

Ugh.

Makes you feel dirty enough you need a shower after finding it in your log file ;)
10:23 pm on Feb 2, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



I don't think it's really got anything to do with the UA. It's more like a variation on referer spam. They want you to go to the named URL and look at their site analysis service. More often it's www.example.com/your-name-here/ ... but if they think wildcard subdomains are more impressive, well, let 'em think so. As long as they stay in OVH where they belong.
12:31 pm on Feb 3, 2014 (gmt 0)

Top Contributors Of The Month



Interesting:

So putting the target domain name in a UA serves at least 3 distinct purposes:

1. Making the UA less likely to be on a list of block-worthy UAs (because it will only be seen on a unique site)
2. Spamming the recipient (attempting to get them to visit the site to follow up the 'analysis')
3. Acting as a beacon for finding out who reports UAs on public lists.

Dastardly... though probably too rare to be worth blocking automatically.

Every time I've looked at BotsVsBrowsers 'Recent Additions' list recently, there has been UA spam there - different spam from the same sources. Birds nesting on the scarecrow.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month