strange MS visits
J. Qiang Li
shijialee-/E1597aS9LQAvxtiuMwx3w at public.gmane.org
Thu Dec 2 05:02:12 UTC 2004
my old redhat 7.2 apache log just rotated on Nov 28.. since then, 89 out of 463 lines from the
current apache log are from msnbot, 207.46.98.124. almost 20% log entries.
but that's much less than the entries generated by the scanning from the infected windows
machines. a 3.2MB access_log.1 file can be trimmed down to 90K after a cleanup by running a
filter script.
Qiang
--- Sergey Kuznetsov <tlug-9a/WvBvX2Qpg9hUCZPvPmw at public.gmane.org> wrote:
> It's "Google-killer" search engine from Micro$oft. This IP address in my
> permanent iptables ban-list.
> They are very aggressively index my pages almost every day, slowing down
> my connection.
> Most of their hits comes to my Philip Sayce photoalbum.
>
>
> PS: It's a old Linux server, http://gallery.deeptown.org running old
> redhat 8. =)
>
> All the Best!
> Sergey.
>
> Austin wrote:
>
> >Hmm, I'm having the weirdest thing going on with my website... maybe
> >someone can offer insight.
> >
> >I've had this address crawling all over my site lately, which is okay.
> >Recently it started visiting more often, and reloading the same pages
> >repeatedly. By today, it was pounding two of my pages "recent posts"
> >and "leave feedback" form, several times per minute. It's not really
> >consuming that much bandwidth, but it's filling up my logs with useless
> >quasi-spam.
> >
> >So guess who's IP it is?
> >
> >[austin at n1 rpm]$ whois 207.46.98.47
> >OrgName: Microsoft Corp
> >OrgID: MSFT
> >Address: One Microsoft Way
> >City: Redmond
> >StateProv: WA
> >
> >So either the microsoft search bot is messed up treating my site like a
> >punching bag, or someone at MS is being a dick, or a machine at head
> >office has been compromised and is being used to do malicious stuff.
> >
> >I dunno, I guess it's a bit off topic, but I'd love to hear your ideas.
> >
> >Austin
> >
> >P.S. It's a linux server, http://groundstate.ca running Drupal.
> >
> >--
> >The Toronto Linux Users Group. Meetings: http://tlug.ss.org
> >TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> >How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
> >
> >
>
> --
> The Toronto Linux Users Group. Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
>
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list