Microsoft flooding sites with fake traffic
Kent Johnson
kent37 at tds.net
Thu Feb 21 08:56:55 EST 2008
Ed lawson wrote:
> I know nothing from the technical side of this, but I mentioned this to
> someone who works at MSFT and their first comment was that it was
> likely Live Search crawling to build an index.
Except:
- the referrer is a single-word search at search.live.com, e.g.
http://search.live.com/results.aspx?q=marketing&mrt=en-us&FORM=LIVSOP
- The client acts like a browser, in that it fetches CSS and JavaScript
files as well as the primary page, and the User-Agent seems to be MSIE 7:
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)"
Here is a complete sequence from my logs:
65.55.165.51 - - [20/Feb/2008:02:22:16 -0500] "GET
/category/Web-Marketing/ HTTP/1.1" 200 15810
"http://search.live.com/results.aspx?q=marketing&mrt=en-us&FORM=LIVSOP"
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)"
65.55.165.51 - - [20/Feb/2008:02:22:18 -0500] "GET
/media/public/css/blogcosm.css HTTP/1.1" 200 8114
"http://blogcosm.com/category/Web-Marketing/" "Mozilla/4.0 (compatible;
MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)"
65.55.165.51 - - [20/Feb/2008:02:22:19 -0500] "GET
/media/public/css/category_detail.css HTTP/1.1" 200 2952
"http://blogcosm.com/category/Web-Marketing/" "Mozilla/4.0 (compatible;
MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)"
65.55.165.51 - - [20/Feb/2008:02:22:19 -0500] "GET
/media/public/css/toc.css HTTP/1.1" 200 399
"http://blogcosm.com/category/Web-Marketing/" "Mozilla/4.0 (compatible;
MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)"
65.55.165.51 - - [20/Feb/2008:02:22:19 -0500] "GET
/media/public/css/one-liners.css HTTP/1.1" 200 223
"http://blogcosm.com/category/Web-Marketing/" "Mozilla/4.0 (compatible;
MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)"
65.55.165.51 - - [20/Feb/2008:02:22:19 -0500] "GET /css/colors.css
HTTP/1.1" 200 4410 "http://blogcosm.com/category/Web-Marketing/"
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)"
I seem to have one of these roughly every 1/2 hour though the interval
varies widely.
Kent
More information about the gnhlug-discuss
mailing list