betabug... Sascha Welter


25 May 2005

Bot Attack

Referrer spam without referrer?

Starting from yesterday I am having lots of accesses by what appears to be a bot or spider. At first, when I found my stats file inflating certain page views, I had expected to have been hit by referrer spam. But there is no referrer. Only the blog part of my site is being targeted, the same URLs are hit again and again, sometimes more than 200-300 times. The browser ID string is always "Mozilla/4.76 [en] (Win98; U)"...


Originating IPs seem to be all over the place, from places as far away as China and Germany.

I have now blocked access to this from Apache's httpd.conf, returning 403, in order to save some bandwidth and retain sane access statistics. The attacks remain.

The browser ID string is always the same; it seems to be one that has often been used as an example in Perl and web spidering books. I have not had a legitimate page request with this browser ID string in the last 4 months (that I could overview from log files). So I do not expect that there is a legitimate userbase being denied access.

Here is a small sample from the access_log file:

213.162.50.228 - - [25/May/2005:16:28:47 +0200] "GET /blogs/ch-athens/30 HTTP/1.1" 403 299 "-" "Mozilla/4.76 [en] (Win98; U)"

219.95.111.181 - - [25/May/2005:16:30:40 +0200] "GET /blogs/ch-athens/65 HTTP/1.0" 403 287 "-" "Mozilla/4.76 [en] (Win98; U)"

213.162.50.228 - - [25/May/2005:16:40:04 +0200] "GET /blogs/ch-athens/107 HTTP/1.1" 403 300 "-" "Mozilla/4.76 [en] (Win98; U)"

213.162.50.228 - - [25/May/2005:16:40:12 +0200] "GET /blogs/ch-athens/104 HTTP/1.1" 403 300 "-" "Mozilla/4.76 [en] (Win98; U)"

So: Has anyone seen this before? Is it targeting weblogs in general? Is it targeting COREBlog? Or just me? Any comments on this?

Posted by betabug at 17:11 | Comments (2) | Trackbacks (0)
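An added example, not part of the original post: a small Python log scan that groups combined-format access_log entries by User-Agent and flags agents showing the pattern described above (no referrer on any request, several source IPs, repeated hits). The thresholds, the function names and the two `ExampleBrowser` lines are assumptions made for this illustration; the thresholds are set low so the four-line sample from the post triggers them.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field; Apache backslash-escapes embedded quotes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$')

# Constructed sample: the four entries quoted in the post (one line each)
# plus two invented requests from an ordinary browser for contrast.
SAMPLE_LOG = """\
213.162.50.228 - - [25/May/2005:16:28:47 +0200] "GET /blogs/ch-athens/30 HTTP/1.1" 403 299 "-" "Mozilla/4.76 [en] (Win98; U)"
219.95.111.181 - - [25/May/2005:16:30:40 +0200] "GET /blogs/ch-athens/65 HTTP/1.0" 403 287 "-" "Mozilla/4.76 [en] (Win98; U)"
213.162.50.228 - - [25/May/2005:16:40:04 +0200] "GET /blogs/ch-athens/107 HTTP/1.1" 403 300 "-" "Mozilla/4.76 [en] (Win98; U)"
213.162.50.228 - - [25/May/2005:16:40:12 +0200] "GET /blogs/ch-athens/104 HTTP/1.1" 403 300 "-" "Mozilla/4.76 [en] (Win98; U)"
192.0.2.10 - - [25/May/2005:16:41:00 +0200] "GET /blogs/ch-athens/ HTTP/1.1" 200 5120 "http://www.example.org/links" "ExampleBrowser/1.0"
192.0.2.10 - - [25/May/2005:16:41:30 +0200] "GET /blogs/ch-athens/109 HTTP/1.1" 200 4096 "http://betabug.ch/blogs/ch-athens/" "ExampleBrowser/1.0"
"""

def parse(lines):
    """Yield (ip, path, status, referer, agent) for each well-formed log line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip truncated or malformed entries
        ip, request, status, referer, agent = m.groups()
        parts = request.split()
        path = parts[1] if len(parts) >= 2 else request
        yield ip, path, int(status), referer, agent

def suspicious_agents(lines, min_hits=3, min_ips=2):
    """Group by User-Agent; flag agents that never send a referrer, arrive from
    at least min_ips addresses and make at least min_hits requests."""
    stats = defaultdict(lambda: {"hits": 0, "ips": set(), "paths": Counter(), "referred": 0})
    for ip, path, _status, referer, agent in parse(lines):
        s = stats[agent]
        s["hits"] += 1
        s["ips"].add(ip)
        s["paths"][path] += 1
        s["referred"] += referer not in ("", "-")
    return {a: s for a, s in stats.items()
            if s["hits"] >= min_hits and len(s["ips"]) >= min_ips and s["referred"] == 0}

if __name__ == "__main__":
    for agent, s in suspicious_agents(SAMPLE_LOG.splitlines()).items():
        print(f"{agent!r}: {s['hits']} hits, {len(s['ips'])} IPs, top path {s['paths'].most_common(1)}")
```

On a real log, raise `min_hits` and `min_ips` well above these sample values, and check the flagged agent against older logs for legitimate use before blocking it.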
Comments
Re: Bot Attack

Although I have access to raw web stats produced by 4-5 servers, I haven't come across the one you mentioned before. The only strange thing I got is a really active bot from MSN. They are really trying to hit "the big cahoona" - Google. :D

Posted by: Nikos Patelis at May 26,2005 03:46
Re: Bot Attack

You can use Apache mod security + a bash script to prevent such DDoS attacks.

I know this is a late reply :) but just now I saw this post.

Posted by: sreenadh at June 05,2013 17:26