Welcome to WebmasterWorld Guest from 54.196.42.8

Forum Moderators: Ocean10000 & keyplyr

DMVG Site Analyzer

     
5:52 pm on Aug 9, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15028
votes: 665


UA: DMVG Technology - Site Analyzer - http://www.dmvg.tech
IP: 104.238.81.abc
robots.txt: no
HTTPS: no
status: blocked by headers
Last I checked, 104.238.64.0/18 was GoDaddy.

I include the full list of requests, as it’s educational:
/ 
/contact.html
/contactus.html
/contact-us.html
/contact/default.asp
/contact-us/
/contact.asp
/contactus.cfm
/contact.htm
/contactus.htm
/contact.php
/contact.aspx
/contact
/contact_us.htm
/ContactUs.aspx
/contact-us.aspx
/contact-us-2
/about/contact-us
Punchline: My 403 page is made for humans. It includes a link to /dirname/contact.html.

(/contact-us-2? Really? Does some CMS use this name?)
8:03 pm on Aug 9, 2018 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12334
votes: 805


I include the full list of requests, as it’s educational:
Yeah, educational to other bad bot runners interested to see what they should be scanning for.
8:43 pm on Aug 9, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15028
votes: 665


Oh, I'm sure they just bought a list from somewhere. Like the bots that request every possible permutation of /wp-admin/. They didn't all come up with their own lists from scratch.

What do you learn from a contact form, anyway? Are they fishing for email addresses?

Edit: One bit of their website is headed “Take control of your security”. Thanks, dmvg, but that list of 403s should tell you everything you need to know about my security.

Further edit: Turns out they had the identical shopping list way back in March. I checked logs in case they’d also tried my “real” site. (They hadn’t.) Only my personal site--and then only by HTTP. I just didn’t happen to notice that time.
8:50 pm on Aug 9, 2018 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12334
votes: 805


What do you learn from a contact form, anyway?
Most Contact pages would likely reveal more valuable data than any other page at a site: Business Name, Address, Phone Numbers, Email addresses, etc. This info aggregated with other data such as Business Type, Products/Services, Region, Server Location, OS, and any other data revealed during this exchange is bundled into products sold to many buyers. Information is money.


[added]
Last I checked, 104.238.64.0/18 was GoDaddy

It's likely this UA will also come from other ranges in the future...
DMVG Partners with Cloudflare... DMVG will find the best host for your site or application AND manage the relationship for you
source: dmvg.tech

So it may be prudent to use UA if blocking.