Spider populating the Authenticated Username in my log file

Forum Moderators: phranque

Message Too Old, No Replies

Spider populating the Authenticated Username in my log file

jomaxx

6:43 am on Jan 13, 2006 (gmt 0)

Yikes, I get a lot of rogue spiders on my site but this is the first time one has ever stuck a value into field 3 of my log file (authenticated username, almost always just a dash). What's more, the username is a handle for someone who appears to be some kind of hacker (based on a Google search).

Now it wasn't spidering any password-protected directories, and on this server I haven't even set up any directories that use linux security. Plus if my server had been hacked then he'd have no need to spider the website - there would be better ways to copy the data. Thus I THINK he is just tweaking my nose by configuring his spider to send a value in that field, even though it won't be recognized by my server.

But is this the way it works? Is there some way that this field can be faked/forged? Or do I have a real problem?

jomaxx

7:25 am on Jan 13, 2006 (gmt 0)

P.S. I grepped my log file and found one other page request from earlier today doing the same thing. This is from a known spider ("MarkWatch 1.0") and the IP appears to be legit, so I am hopeful there isn't a security hole being exploited after all. I moved to a new server a few weeks ago and maybe this server has slightly different rules about writing the userid to the log.

But please let me know if this shouldn't be happening.