alle Seiten werden geholt.. Virus/Trojaner?

Begonnen von Marodeur, 07 Februar 2008, 16:45:25

⏪ vorheriges - nächstes ⏩

0 Mitglieder und 1 Gast betrachten dieses Thema.

Drucken
Nach unten Seiten1
Benutzer-Aktionen

Marodeur

07 Februar 2008, 16:45:25
Hi,

mir fällt seit ein paar Tagen auf, das von völlig unterschiedlichen IP's alle Seiten geholt werden.
Es wird nacheinander alles mit .html (Ich hab mod_rewrite an) geholt, aber keine Bilder, Icons, Dateien, CSS, Includes usw.

Ich hab mal den Beginn gepostet. Weiss jemand, ob derzeit irgendwas läuft? Evtl. auch nur ne Prüfung, ob die Webseiten Virenfrei sind? Oder ist das nur ein dämlicher Bot, der die robots.txt ignoriert?

Der Name der IP da unten ist übrigens mail.cgfmail.com, was mich schon ein wenig stutzig macht.

Code Auswählen

63.139.58.140 - - [07/Feb/2008:12:40:57 +0100] "GET /home.html HTTP/1.1" 200 40527 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:03 +0100] "GET /News.html HTTP/1.1" 200 47868 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:08 +0100] "GET /Downloads.html HTTP/1.1" 200 18133 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:11 +0100] "GET /Gallery.html HTTP/1.1" 200 75301 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:18 +0100] "GET /Topics.html HTTP/1.1" 200 13519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:21 +0100] "GET /Web_Links.html HTTP/1.1" 200 13565 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:23 +0100] "GET /Guestbook.html HTTP/1.1" 200 25603 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:26 +0100] "GET /Surveys.html HTTP/1.1" 200 15263 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:28 +0100] "GET /log-me-in.html HTTP/1.1" 200 15780 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:30 +0100] "GET /register-me.html HTTP/1.1" 200 25994 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:34 +0100] "GET /Feedback.html HTTP/1.1" 200 16942 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:37 +0100] "GET /FAQ.html HTTP/1.1" 200 13005 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:40 +0100] "GET /Impressum.html HTTP/1.1" 200 22705 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:43 +0100] "GET /Guestbook-op-AddEntry.html HTTP/1.1" 200 21183 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:45 +0100] "GET /backend.php?op=news HTTP/1.1" 200 6053 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:47 +0100] "GET /Userinfo-uname-Marodeur.html HTTP/1.1" 200 13519 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:49 +0100] "GET /News-file-print-sid-67.html HTTP/1.1" 200 1395 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:51 +0100] "GET /News-file-friend-op-FriendSend-sid-67.html HTTP/1.1" 200 13351 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:41:56 +0100] "GET /News-file-article-sid-67.html HTTP/1.1" 200 19048 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:42:02 +0100] "GET /News-file-print-sid-66.html HTTP/1.1" 200 2153 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:42:04 +0100] "GET /News-file-friend-op-FriendSend-sid-66.html HTTP/1.1" 200 13355 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:42:07 +0100] "GET /News-file-article-sid-66.html HTTP/1.1" 200 19884 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:42:13 +0100] "GET /News-file-print-sid-63.html HTTP/1.1" 200 1572 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
63.139.58.140 - - [07/Feb/2008:12:42:15 +0100] "GET /News-file-friend-op-FriendSend-sid-63.html HTTP/1.1" 200 13355 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
cu, Ralf
(Korrigiert mich, wenn ich Blödsinn schreibe)

bajazzo

#1
07 Februar 2008, 21:33:28
Hi,
das sieht nach einem bot trap log. oder?
Genie ist die grenzenlose Bereitschaft, sich Mühe zu geben.
Drucken
Nach oben Seiten1
Benutzer-Aktionen