In the past few weeks I got aware of more and more bot scripts which claim to be the GoogleBot. In the HTTP Header they claim as HTTP Agent "GoogleBot", like the original one. Only a look at the IP address shows that this is fake (GoogleBot always comes from a 69.249.x.x address).
This is such an access:
95.141.32.238 - - [05/Sep/2012:19:28:05 +0200] "GET /images.php HTTP/1.1" 200 3 "-" "Mozilla/5.0 (compatible; Goooglebot/2.1; +http://www.google.com/bot.html)"
In this case, image.php was accessed, a malicious PHP file to launch processes.
The main goal why they're faking the GoogleBot is probably to trick System Admins, e.g. when grep -iv bot is used to check access logs.
Besides that, in this case they even seemed to have made a typo-mistake as it says "Goooglebot" with 3 o's.
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office OpenSearch PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder