SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    5,387
    Mentioned
    218 Post(s)
    Tagged
    5 Thread(s)

    Strange User-Agent String

    I'm not entirely sure this is the right forum, but I couldn't think where else to post.

    I've recently noticed some very weird user-agent strings in my logs. They are all exactly the same, apart from the domain and link text. e.g.
    Code:
    User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:{1|2|3|4}.{1|2|3|4|5|6|7|8|9|0}.{1|2|3|4|5|6|7|8|9|0}.{1|2|3|4|5|6|7|8|9|0}) Gecko/2012{1|0}{1|2|3|4|5|6|7|8|9|0}{1|2|3}{1|2|3|4|5|6|7|8|9|0} Firefox/{1|2|3|4|5|6|7|8|9|0}.{1|2|3|4|5|6|7|8|9|0}.{1|2|3|4|5|6|7|8|9|0}{1|2|3|4|5|6|7|8|9|0} <a href=http://domain.info >High Poker</a>
    Why would there be a link there? What does it do? As far as I can tell, the domains are all perfectly legit and "innocent" and show no signs of having been hacked or anything else. The bots, on the other hand, are clearly Up To No Good. What's going on here?

    This is more curiosity than concern, but I do like to understand who's doing what to my sites.
    Don't be arrogant. Be kind to a koala that thinks it's a bear.

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    It is basically log spam in hopes you publicly display your logs and search engines see it.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,608
    Mentioned
    24 Post(s)
    Tagged
    1 Thread(s)
    The user agent is a free format user enterable field and so can contain anything that anyone wants to put there. I have thought for several years now that it was only a mater of time before people start replacing its content with advertising. Looks like I was right.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  4. #4
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    5,387
    Mentioned
    218 Post(s)
    Tagged
    5 Thread(s)
    Thanks guys. It made no sense to me, as I couldn't see how anybody was going to see the link. It's also a bit puzzling, as most of the sites seem to be very respectable, mainstream businesses and nothing at all to do with the botnets pushing them. (A manufacturer of blinds, a fruit juice company, a baby toy company etc.)
    Don't be arrogant. Be kind to a koala that thinks it's a bear.

  5. #5
    SitePoint Zealot
    Join Date
    Mar 2012
    Posts
    110
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by TechnoBear View Post
    It's also a bit puzzling, as most of the sites seem to be very respectable, mainstream businesses and nothing at all to do with the botnets pushing them. (A manufacturer of blinds, a fruit juice company, a baby toy company etc.)
    Good point. Perhaps it's some botnet maker/owner that is just testing to make sure their botnet is working fine by framing unscrupulous sites?

  6. #6
    SitePoint Zealot
    Join Date
    Mar 2012
    Posts
    110
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Pamela1991 View Post
    Good point. Perhaps it's some botnet maker/owner that is just testing to make sure their botnet is working fine by framing scrupulous sites?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •