Header RSS Feed
 
If you only want to see the articles of a certain category, please click on the desired category below:
ALL Android Backup BSD Database Hacks Hardware Internet Linux Mail MySQL Monitoring Network Personal PHP Proxy Shell Solaris Unix Virtualization VMware Windows Wyse

GoogleBot used as HTTP Agent by Hackers/Botscripts
Wednesday - Sep 5th 2012 - by - (0 comments)

In the past few weeks I got aware of more and more bot scripts which claim to be the GoogleBot. In the HTTP Header they claim as HTTP Agent "GoogleBot", like the original one. Only a look at the IP address shows that this is fake (GoogleBot always comes from a 69.249.x.x address).

This is such an access:

95.141.32.238 - - [05/Sep/2012:19:28:05 +0200] "GET /images.php HTTP/1.1" 200 3 "-" "Mozilla/5.0 (compatible; Goooglebot/2.1; +http://www.google.com/bot.html)"

In this case, image.php was accessed, a malicious PHP file to launch processes.

The main goal why they're faking the GoogleBot is probably to trick System Admins, e.g. when grep -iv bot is used to check access logs.

Besides that, in this case they even seemed to have made a typo-mistake as it says "Goooglebot" with 3 o's.

 

Add a comment

Show form to leave a comment

Comments (newest first):

No comments yet.

Go to Homepage home
Linux Howtos how to's
Nagios Plugins nagios plugins
Links links

Valid HTML 4.01 Transitional
Valid CSS!
[Valid RSS]

7633 Days
until Death of Computers
Why?