[ale] Irritating OmniExplorer_Bot web bot
Charles Brian Quinn
me at seebq.com
Tue Jan 3 14:52:27 EST 2006
Fellow Alers,
I came in this morning to find one of my servers not responding to any
requests. After a reboot, a top shows my box has been pegged for a long
time. The culprit was found in the apache2 combined logs (for webstats):
64.127.124.130 - - [03/Jan/2006:14:43:08 -0500] "GET /gallery2/main.php?g2_view=core.UserAdmin&g2_subView=core.UserLogin&g2_return=http%3A%2F%2Fwww.seebq.com%2Fgallery2%2Fv%2Fitaly%2Fsalone%2FSalone_Internazionale_del_Mobile_105.jpg.html%3Fg2_imageViewsIndex%3D1&g2_returnName=photo HTTP/1.1" 403 282 "-" "OmniExplorer_Bot/5.35 (+http://www.omni-explorer.com) WorldIndexer"
64.127.124.130 - - [03/Jan/2006:14:43:11 -0500] "GET /gallery2/main.php?g2_view=core.UserAdmin&g2_subView=register.UserSelfRegistration&g2_return=http%3A%2F%2Fwww.seebq.com%2Fgallery2%2Fv%2Fitaly%2Fsalone%2FSalone_Internazionale_del_Mobile_105.jpg.html%3Fg2_imageViewsIndex%3D1&g2_returnName=photo HTTP/1.1" 403 282 "-" "OmniExplorer_Bot/5.35 (+http://www.omni-explorer.com) WorldIndexer"
It looks like this bot tried to deep index (index - yeah right) my
entire site, and went through the gallery2 software I installed and
tried to sign up (register as a user) under each page, add things to its
cart, etc. etc. repeatedly, while apache2 kept serving up requests and
spawning new instances to keep up with the "DDOS" style attack.
It is ignoring my robots.txt file, and continues to hammer my site after
forbidding apache access to it (note the 403s in the log file above).
I'm about to re-emerge apache2 with tcpd support (tcp-wrappers) and add
that entire subnet to the /etc/hosts.deny .
Annoying. http://www.omni-explorer.com/ has more information, but
Google tells some other horror stories.
Just an FYI.
--
Charles Brian Quinn
www.seebq.com
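
The log triage described in the message above, as an added example that is not part of the original post: it parses Apache combined-format lines, groups requests by client IP and User-Agent, and lists clients that keep requesting after repeated 403 responses. The sample lines are constructed (modeled on the two entries quoted in the post), and the `min_denied` threshold and the /24 prefix width are assumptions.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

BOT_UA = "OmniExplorer_Bot/5.35 (+http://www.omni-explorer.com) WorldIndexer"
# Constructed sample input: four denied bot requests, one ordinary client, one junk line.
SAMPLE = [
    f'64.127.124.130 - - [03/Jan/2006:14:43:{s:02d} -0500] '
    f'"GET /gallery2/main.php?g2_view=core.UserAdmin HTTP/1.1" 403 282 "-" "{BOT_UA}"'
    for s in (8, 11, 14, 17)
] + [
    '192.0.2.10 - - [03/Jan/2006:14:43:09 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [03/Jan/2006:14:43:12 -0500] "GET /missing HTTP/1.1" 403 282 "-" "Mozilla/5.0"',
    'not a log line',
]

def summarize(lines):
    """Group requests by (client IP, User-Agent); count totals and 403 responses."""
    stats = defaultdict(lambda: {"total": 0, "denied": 0})
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        key = (m["ip"], m["ua"])
        stats[key]["total"] += 1
        if m["status"] == "403":
            stats[key]["denied"] += 1
    return stats

def persistent_after_deny(stats, min_denied=3):
    """Clients still requesting after repeated 403s: candidates for a network-level block."""
    return sorted(k for k, v in stats.items() if v["denied"] >= min_denied)

def subnet24(ip):
    """IPv4 prefix in hosts.deny style (trailing dot); the /24 width is an assumption."""
    return ".".join(ip.split(".")[:3]) + "."

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip, ua in persistent_after_deny(stats):
        s = stats[(ip, ua)]
        print(f"{ip} ({ua}): {s['denied']}/{s['total']} requests denied; prefix {subnet24(ip)}")
```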