No clue what this critter is up to as it only attempted 2 page requests and went away.
202.65.156.23 "PussyCat 1.0, Murzillo compatible"Anyone else spotted this "Murzillo" compatible cat?
Update -
Definitely a spammer as it's trying to hit my submit page but the idiot is using a GET instead of a POST so it would always be rejected, not to mention I don't allow his user agent to get onto the site in the first place.
This slimeball tried to hit again from a new location and this time I noticed it's coming via a proxy server:
200.36.112.92 "PussyCat 1.0, Murzillo compatible"So I looked up the original hit and it was also via proxy server:
Forwarded IP -> 85.255.117.218
202.65.156.23 "PussyCat 1.0, Murzillo compatible"Looks like the spammer is trying to cover his tracks routing thru various proxy servers but he's stupid and keeps using the same user agent which is so easily blocked.
Forwarded IP -> 69.50.175.91
Nobody claimed spammers were smart and this one just proves it.
8 comments:
I received a call from this one today:
62.87.211.2 [29/Jun/2006:17:17:54 -0700] "GET /davidbu/micro_solar/bar_light.html HTTP/1.0" 200 16396 "PussyCat 1.0, Murzillo compatible"
62.87.211.2 [29/Jun/2006:17:18:01 -0700] "POST /cgi-bin/mailers/davidbu HTTP/1.0" 200 104 "PussyCat 1.0, Murzillo compatible"
Note the second access - it posted! The mail it sent had a unsername, and was just a bunch of HTML Hotlinks. I think this may be a roboposter trying to spam me through form inputs.
Try a traceroute on this one too:
203.160.1.37 - - [26/Jun/2006:19:33:13 -0700] "GET /davidbu/micro_solar/bar_light.html HTTP/1.1" 200 16396
203.160.1.37 - - [26/Jun/2006:19:33:16 -0700] "GET /davidbu/micro_solar/bar_light.html HTTP/1.1" 304 -
203.160.1.37 - - [26/Jun/2006:19:33:20 -0700] "POST /cgi-bin/mailers/davidbu HTTP/1.1" 200 116
Intentional? Or ignorance?
I also got two spams:
203.160.1.48 - - [29/Jun/2006:16:49:43 -0400] "GET /about/contact.shtml HTTP/1.1" 200 7322 "" "PussyCat 1.0, Murzillo compatible"
203.160.1.48 - - [29/Jun/2006:16:49:46 -0400] "GET /about/contact.shtml HTTP/1.1" 200 7322 "" "PussyCat 1.0, Murzillo compatible"
203.160.1.48 - - [29/Jun/2006:16:50:04 -0400] "POST /cgi-bin/procform.pl HTTP/1.1" 302 5 "http://www.jtsa.edu/about/contact.shtml" "PussyCat 1.0, Murzillo compatible"
165.228.133.11 - - [29/Jun/2006:16:50:06 -0400] "POST /cgi-bin/procform.pl HTTP/1.1" 302 5 "http://www.jtsa.edu/about/contact.shtml" "PussyCat 1.0, Murzillo compatible"
165.228.133.11 - - [29/Jun/2006:16:50:08 -0400] "GET /about/confirm.shtml HTTP/1.1" 200 5067 "http://www.jtsa.edu/about/contact.shtml" "PussyCat 1.0, Murzillo compatible"
Any ideas on how to stop these things?
A bad robot hit /bot-trap/ 2006-07-04 (Tue) 19:01:03
address is 85.255.117.218, agent is PussyCat 1.0, Murzillo compatible
and it times in with 27! contact for posts
Yeah, I got the usual porn & pills spam from it on a contact form, came in via multiple IP adresses, all look like open proxies:
85.249.131.170
200.225.194.49
85.255.117.218
165.228.131.11
125.244.146.130
203.160.1.39
200.88.125.3
203.115.1.135
195.175.37.8
Pussy Cat - meet Mr Firewall.
It also hit me...
A bad robot hit /bad-bot/ 2006-07-10 (Mon) 20:25:28
address is 85.255.117.222, agent is PussyCat 1.0, Murzillo compatible
Don't give the cat ideas:
"not to mention I don't allow his user agent to get onto the site in the first place."
On your list of ip's used by this "signature" add this one:
85.255.117.222... Apparently it comes from Ukraine! It ain't no surprise...
Post a Comment