Jump to content

bots searching places/files that dont exist


real_illusions
 Share

Recommended Posts

i have an error system set in place, that whenever a file or folder or whatever is attempted to load, it sends me an email detailing what the error was, where, when, what page or file, time, and i can tell if its a real person or a bot.and the bots are trying to access files that dont exist, or haven't existed for several months at least.is there anyway of making them search only the files that are on the server and not some that are out of date and dont exist?its mostly yahoo bots that trying to find the wrong pages which haven't been online for several months, and trying to contact yahoo is like trying to get a brick to recite the whole works of shakespeare in japanese.but anyway, its mostly unknown bots that are not finding weird files like this -/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=6551&STRMVER=4&CAPREQ=0any suggestions??

Link to comment
Share on other sites

It sounds like you have links pointing to things that aren't there. The best way to clean that up is to find the links that point there and change them. If you aren't already, log the referrer and track down where the links are.

Link to comment
Share on other sites

That's kind of weird... I can't see some spider just randomly trying an address like "/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=6551&STRMVER=4&CAPREQ=0" without a link. If you took this site over, could it possible that those links were present in the past? One thing you could try doing is searching Google (or Yahoo) for that address, and see what pops up.OK, I did some searching, and I think I've figured it out. As you can see, the url is "/MSOffice/cltreq.asp". Something to do with MS Office. You may also see requests for owssvr.dll. At first I thought it might be a hack attempt, someone trying to exploit a FrontPage extension or something like that, so they ping the site to see if you have the extension installed (the NIMDA worm did something similar). What I think now (c.f. here) is that this is an IE toolbar, and if someone has the Office discussion toolbar installed, IE will send a request to the server looking for these files to see if your server supports the discussion. I've seen people with the toolbar installed, where it says the website doesn't support discussions, and I wonder how it knew that. This is how, it sends a request for the specific build and version of the software it has installed and see if it gets anything back. IE phishing for discussions.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...