Strange User-Agent String

I’m not entirely sure this is the right forum, but I couldn’t think where else to post. :slight_smile:

I’ve recently noticed some very weird user-agent strings in my logs. They are all exactly the same, apart from the domain and link text. e.g.

User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:{1|2|3|4}.{1|2|3|4|5|6|7|8|9|0}.{1|2|3|4|5|6|7|8|9|0}.{1|2|3|4|5|6|7|8|9|0}) Gecko/2012{1|0}{1|2|3|4|5|6|7|8|9|0}{1|2|3}{1|2|3|4|5|6|7|8|9|0} Firefox/{1|2|3|4|5|6|7|8|9|0}.{1|2|3|4|5|6|7|8|9|0}.{1|2|3|4|5|6|7|8|9|0}{1|2|3|4|5|6|7|8|9|0} <a href=http://domain.info >High Poker</a>

Why would there be a link there? What does it do? As far as I can tell, the domains are all perfectly legit and “innocent” and show no signs of having been hacked or anything else. The bots, on the other hand, are clearly Up To No Good. :shifty: What’s going on here?

This is more curiosity than concern, but I do like to understand who’s doing what to my sites. :slight_smile:

It is basically log spam in hopes you publicly display your logs and search engines see it.

The user agent is a free-format, user-enterable field and so can contain anything that anyone wants to put there. I have thought for several years now that it was only a matter of time before people start replacing its content with advertising. Looks like I was right.
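To illustrate the two replies above, here is an added example (not code from the thread) that flags User-Agent values carrying HTML markup or an unexpanded `{a|b|c}` template and HTML-escapes them before they reach any publicly displayed stats page. It assumes Apache "combined" log format; the sample lines, the `example.invalid` domain and all function names are constructed for illustration.

```python
import html
import re

# Constructed sample lines in Apache "combined" log format (not from the thread).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET / HTTP/1.1" 200 2326 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0"',
    '198.51.100.23 - - [10/Oct/2012:13:56:01 +0000] "GET / HTTP/1.1" 200 2326 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:{1|2|3|4}.{1|2|3}) Gecko/2012{1|0} '
    'Firefox/{1|2}.{3|4} <a href=http://example.invalid >Example Link</a>"',
]

# The User-Agent is the last quoted field; the server escapes embedded quotes as \".
UA_FIELD = re.compile(r'"((?:[^"\\]|\\.)*)"\s*$')
HTML_TAG = re.compile(r'<\s*/?\s*[a-zA-Z][^>]*>')
SPINTAX = re.compile(r'\{[^{}|]+(?:\|[^{}|]+)+\}')  # unexpanded {a|b|c} template

def extract_user_agent(line):
    """Return the raw User-Agent field of one log line, or None if absent."""
    match = UA_FIELD.search(line)
    return match.group(1) if match else None

def spam_reasons(user_agent):
    """List the log-spam indicators found in a client-supplied User-Agent."""
    reasons = []
    if HTML_TAG.search(user_agent):
        reasons.append("html-markup")
    if SPINTAX.search(user_agent):
        reasons.append("unexpanded-template")
    return reasons

def render_for_report(user_agent):
    """Escape the value so a stats page shows it as text, never as a live link."""
    return html.escape(user_agent, quote=True)

def scan(lines):
    """Return (reasons, escaped_user_agent) for every parsable log line."""
    results = []
    for line in lines:
        ua = extract_user_agent(line)
        if ua is None:
            continue
        results.append((spam_reasons(ua), render_for_report(ua)))
    return results

if __name__ == "__main__":
    for reasons, safe_ua in scan(SAMPLE_LOG):
        print(reasons or ["ok"], safe_ua)
```

Escaping on output is what defeats the spam: the link only has value if a report page emits the header value as raw HTML that a search engine can crawl.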

Thanks guys. It made no sense to me, as I couldn’t see how anybody was going to see the link. It’s also a bit puzzling, as most of the sites seem to be very respectable, mainstream businesses and nothing at all to do with the botnets pushing them. (A manufacturer of blinds, a fruit juice company, a baby toy company etc.)

Good point. Perhaps it’s some botnet maker/owner that is just testing to make sure their botnet is working fine by framing unscrupulous sites?