Welcome to WebmasterWorld Guest from 54.163.35.238

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

Blocked IP Appends Data on URL

     

Angonasec

6:17 am on Jul 27, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I now block Exxon 158.25.0.0/16

Because a blocked Polish IP appends junk to file names, and when it receives a 403, immediately (ie. the next second) uses an RU IP to do the same.

188.116.4.204 - - [26/Jul/2014] "GET /example.htm/RK=0/RS=oMTszqk.FkrwF.7aIXBrmeN8RXk- HTTP/1.1" 403 294 "-" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36"
158.255.0.157 - - [26/Jul/2014] "GET /example.htm/RK=0/RS=oMTszqk.FkrwF.7aIXBrmeN8RXk- HTTP/1.1" 404 959 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0"

PS. I'm curious if anybody is able to interpret the append? RK=0/RS=o

not2easy

1:29 pm on Jul 27, 2014 (gmt 0)

WebmasterWorld Administrator 5+ Year Member Top Contributors Of The Month



PS. I'm curious if anybody is able to interpret the append? RK=0/RS=o
Apparently this is a problem caused by a (lazy? not very bright?) scraper who used Yahoo search results to scrape and just grabbed the URLs for their "Directories" from the results, as is without editing out Yahoo's internal link structure. There was some discussion about that around here. If you were to search here for "RK=0" you can find the entire answer.

Angonasec

11:09 pm on Jul 27, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thank you iBill for fixing this thread (I mistakenly lumped the innocent Exxon IP cidr 158.25.0.0/16 with the guilty 158.255.0.0/24 nasties. I no longer block Exxon, of course. My apologies.)

Thank you not2easy, yes, well spotted. I do see that same RK=0/RS=o code in my logs used by legitimate Yahoo! search requests.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month