Damn Spam!
Search 

Topics

User Functions






    Lost your password?

It's all Chinese to me ...

    
Saturday, May 28 2005 @ 18:59 CEST
Contributed by: Dirk

Okay, apparently Baiduspider is a legit spider for a large Chinese search engine. I wonder, however, why it would do referrer spamming ... 

202.102.3.22 - - [28/May/2005:11:44:15 -0400] "GET /article.php/ HTTP/1.1" 200 116 "http://www.chinamoulds.net/English/Crochet_machine.html" "Baiduspider+(+http://www.baidu.com/search/spider<a href=http://www.chinamoulds.net/English/Crochet_machine.html>.</a>htm)"

Several things are odd here:

  1. The inclusion of a referrer
  2. The inclusion of the referrer in the user agent string (and in HTML at that!)
  3. The fact that the referred URL displays what appears to be the Chinese version of a "500 Internal Server Error" of Microsoft's IIS
  4. The non-sensical URL it's trying to access here
  5. The fact that it comes from the same IP, with the same referrer, several times a day now.

I can only assume that this is a fake, but I have no idea why ...

Filed under: Bots
()

View Printable Version

Trackback

Trackback URL for this entry: http://spam.tinyweb.net/trackback.php/baiduspider

No trackback comments for this entry.
It's all Chinese to me ... | 4 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
More of the same
202.108.11.232 - - [29/May/2005:00:51:32 -0400] "GET / HTTP/1.1" 200 49583 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
202.108.11.232 - - [29/May/2005:02:01:38 -0400] "GET / HTTP/1.1" 302 215 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
202.108.11.232 - - [29/May/2005:02:01:41 -0400] "GET / HTTP/1.1" 200 49417 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
222.185.1.98 - - [29/May/2005:08:30:20 -0400] "GET /forum/ HTTP/1.1" 200 38586 "http://www.plasticmachinery.cn/English/Used_Plastic_Machinery.html" "Baiduspider+(+http://www.baidu.com/search/spider<a href='http://www.plasticmachinery.cn/English/Used_Plastic_Machinery.html'>.</a>htm)"
222.185.1.98 - - [29/May/2005:08:31:26 -0400] "GET /article.php/ HTTP/1.1" 200 116 "http://www.plasticmachinery.cn/English/Used_Plastic_Machinery.html" "Baiduspider+(+http://www.baidu.com/search/spider<a href='http://www.plasticmachinery.cn/English/Used_Plastic_Machinery.html'>.</a>htm)"
219.130.215.181 - - [29/May/2005:09:40:17 -0400] "GET /forum/ HTTP/1.1" 200 14503 "http://www.izhuqiu.com" "Baiduspider+(+http://www.baidu.com/search/spider<a href=http://www.mobilecity.com.cn>.</a>htm)"
219.130.215.181 - - [29/May/2005:09:41:18 -0400] "GET /article.php/ HTTP/1.1" 200 116 "http://www.izhuqiu.com" "Baiduspider+(+http://www.baidu.com/search/spider<a href=http://www.mobilecity.com.cn>.</a>htm)"

The first 3 requests look legit, but the others - especially the ones with the HTML in the user agent string - are odd.

I'm going to block that bot. Sorry to any potential readers in China, but this looks too fishy for my tastes ...

Authored by: Dirk on Sunday, May 29 2005 @ 15:59 CEST
[ Reply to This | # ]
Behaves elsewhere

I'm also seeing visits by Baiduspider on my other sites, but it's behaving there - no referrer spam. Maybe the spamming Baiduspider is fake. But I need more data to be sure ...

Authored by: Dirk on Monday, May 30 2005 @ 23:03 CEST
[ Reply to This | # ]
It's all Chinese to me ...

Okay, note to self: Check Michael's site more often - he's already done the analysis and separated the faked Baiduspiders from the real ones.

Authored by: Dirk on Tuesday, May 31 2005 @ 12:10 CEST
[ Reply to This | # ]
It's all Chinese to me ...
I have found that this Baidispider uses many Ip's and I keep adding them to my firewall to block them. Every time thet get to scan one of my sites I start getting spam from all over on my contact us forms. I have no doubt that this spider is scanning sites to find contact us forms it can pass on to spammers. This is why it is scanning english sites. Evertime I block them and chnage my contact us form file name the spam stops until they come in o a new IP and then the sdpam starts again. There is no doubt that they are responsible.
Authored by: Anonymous on Monday, October 29 2007 @ 07:25 CET
[ Reply to This | # ]

Copyright © 2008 Damn Spam! Powered By Geeklog