In the past few weeks I got aware of more and more bot scripts which claim to be the GoogleBot. In the HTTP Header they claim as HTTP Agent "GoogleBot", like the original one. Only a look at the IP address shows that this is fake (GoogleBot always comes from a 69.249.x.x address).
This is such an access:
126.96.36.199 - - [05/Sep/2012:19:28:05 +0200] "GET /images.php HTTP/1.1" 200 3 "-" "Mozilla/5.0 (compatible; Goooglebot/2.1; +http://www.google.com/bot.html)"
In this case, image.php was accessed, a malicious PHP file to launch processes.
The main goal why they're faking the GoogleBot is probably to trick System Admins, e.g. when grep -iv bot is used to check access logs.
Besides that, in this case they even seemed to have made a typo-mistake as it says "Goooglebot" with 3 o's.
No comments yet.
AWS Android Ansible Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Container Containers CouchDB DB DNS Database Databases Docker ELK ElasticSearch Elasticsearch Filebeat FreeBSD GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb2 InfluxDB Internet Java Kibana Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Rancher SSL Security Shell SmartOS Solaris Surveillance SystemD TLS Tomcat Ubuntu Unix VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder