In the past few weeks I got aware of more and more bot scripts which claim to be the GoogleBot. In the HTTP Header they claim as HTTP Agent "GoogleBot", like the original one. Only a look at the IP address shows that this is fake (GoogleBot always comes from a 69.249.x.x address).
This is such an access:
188.8.131.52 - - [05/Sep/2012:19:28:05 +0200] "GET /images.php HTTP/1.1" 200 3 "-" "Mozilla/5.0 (compatible; Goooglebot/2.1; +http://www.google.com/bot.html)"
In this case, image.php was accessed, a malicious PHP file to launch processes.
The main goal why they're faking the GoogleBot is probably to trick System Admins, e.g. when grep -iv bot is used to check access logs.
Besides that, in this case they even seemed to have made a typo-mistake as it says "Goooglebot" with 3 o's.
No comments yet.
Personal Internet VMware PHP Linux Shell Bluecoat Proxy Windows Hardware Virtualization Nagios MySQL DB Monitoring Mail Android Network Wyse Hacks Tomcat Postgres Apple Mac Backup BSD ZFS Solaris SmartOS Unix Multimedia Perl Database MongoDB CMS OTRS FreeBSD Wordpress LXC Nginx Proxmox DNS Graphics GlusterFS Security Chef HAProxy Icinga Ansible HTML MariaDB Containers Rancher Docker AWS ELK Kibana Logstash Filebeat Varnish PGSQL PostgreSQL ElasticSearch CouchDB Bash Macintosh Container Minio Grafana InfluxDB Databases NFS OSSEC SystemD Java Zoneminder Surveillance Elasticsearch SSL TLS Icingaweb2 Cloud Wireless Kubernetes Ubuntu