joined:Nov 5, 2005
Spaces added to Subject to pass muster weren't enough. So picture this:
Not a bot or spider per se but now that I've seen hundreds of those in a week I thought I'd mention it. The URI first appeared on Aug. 30th with no UA at all, and always Apache-flagged as a 400 error because of "erroneous characters after protocol string".
The majority of the hits are singles, but some number up to five in six minutes, and getting worse. Plus multiple same-Host static addresses suggest some ISPs may be affected. To date, most addresses have been in South America.
I've blocked slashdot patterns forever, but in case you don't, you might want to start -- and check your DVR brand. Here's more info about the exploit's possible origin(s) and actual existence:
"Unidentified Scanning Activity" [isc.sans.edu
"HiSilicon DVR Devices - Remote Code Execution" [exploit-db.com