Damn Spam!
Search 

Topics

User Functions






    Lost your password?

EverbeeCrawler

    
Wednesday, October 05 2005 @ 20:51 CEST
Contributed by: Dirk

Yet another stupid bot that caught my attention: EverbeeCrawler. Now, what's wrong with this request?

213.251.151.102 - - [05/Oct/2005:03:28:20 -0400] "GET /forum/viewtopic.php%253%3?forum%253%3=12%26showtopic%253%3=57796 HTTP/1.1" 400 227 "http://www.geeklog.net:80/forum/" "EverbeeCrawler"

I have no idea what the %253%3 (or the 12%26, for that matter) is supposed to mean or even where it's coming from - certainly not from a link on our site. Also notice the 400 HTTP response code - this broken request caused our webserver to barf. Stupid bot ...

Originally, I noticed this bot because of its tendency to add ":80" to its referrers (as can be seen in the request above). Besides, the actual idea of using referrers (from external sites) is a bad one for a bot.

I've put it in our robots.txt. It took a while, but it did catch on eventually - it's only requesting the robots.txt and nothing else now.

Interestingly enough, you can't find much about that bot on the web. Only lots of sightings in other people's referrer stats (why are those openly on the web, btw?). The IP address (also: 213.251.151.103) belongs to an outfit called "Everbee Networks", located in France, and related to OVH (ovh.net, ovh.com). OVH seems to be a hoster so maybe Everbee Networks is one of their customers.

Filed under: Bots
()

View Printable Version

Trackback

Trackback URL for this entry: http://spam.tinyweb.net/trackback.php/everbee-crawler

No trackback comments for this entry.
EverbeeCrawler | 1 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
EverbeeCrawler
Be on the lookout for links to your php scripts like this. They are atempting to create duplicate content on your server.
PHP will ignore the extra code and display the normal page but it will allow the atacker to create many duplicate content links that he can send to the msn lame search bot live search. You will then get banned from msn as having duplicate content.

This is likely why we keep seeing these types of extra codes at the end of our URLS.
Authored by: Anonymous on Sunday, December 17 2006 @ 18:18 CET
[ Reply to This | # ]

Copyright © 2008 Damn Spam! Powered By Geeklog