Didier Stevens

Friday 28 December 2012

Crossbreeding Spiders: Baiduspider And Googlebot

Filed under: Networking — Didier Stevens @ 0:03

While reviewing my webserver’s logs with InteractiveSieve, I noticed a peculiar User Agent String:

Mozilla/4.0 (compatible; +Baiduspider/2.0;++http://www.baidu.com/search/spider.html +Googlebot/2.1;++http://www.google.com/bot.html)

Why would Baidu and Google share a spider?

They don’t. It’s a fake User Agent String. I found 12 IP addresses in my logs that use this User Agent String. All of them are from China, none of them resolves to a hostname, and certainly none resolves to a hostname in the domains baidu.cn or google.com.
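The reverse lookup described above can be scripted. What follows is a minimal sketch of a forward-confirmed reverse DNS check, not the method used for this post. The function name `is_verified_crawler` and the suffix list are assumptions made for illustration; the search engines publish their own lists of crawler domains, so adjust the suffixes accordingly. The resolver functions are passed in as parameters so the logic can be exercised without network access.

```python
import socket

# Assumed hostname suffixes, for illustration only. Check each search
# engine's own documentation for the domains its crawlers really use.
TRUSTED_SUFFIXES = (".baidu.com", ".baidu.jp", ".googlebot.com", ".google.com")


def is_verified_crawler(ip, suffixes=TRUSTED_SUFFIXES,
                        reverse=socket.gethostbyaddr,
                        forward=socket.gethostbyname_ex):
    """Return True only if ip passes a forward-confirmed reverse DNS check.

    Note: socket.gethostbyname_ex handles IPv4 only, so this sketch does too.
    """
    try:
        # Step 1: reverse (PTR) lookup. Raises OSError when there is no record.
        hostname = reverse(ip)[0]
    except OSError:
        return False

    # Step 2: the hostname must sit under one of the trusted domains.
    if not hostname.lower().rstrip(".").endswith(tuple(suffixes)):
        return False

    try:
        # Step 3: forward lookup. The name must map back to the same address,
        # otherwise anyone controlling a PTR record could claim any hostname.
        addresses = forward(hostname)[2]
    except OSError:
        return False
    return ip in addresses
```

An address with no PTR record, like the 12 addresses in my logs, fails at the first step, so `is_verified_crawler` returns `False` for it regardless of what the User Agent String claims.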

And this fake spider doesn’t request any documents that actually exist on my sites, not even robots.txt. It’s only looking for ways to attack my sites.
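To check this behaviour in your own logs, something like the following sketch could help. It assumes the access log uses the Apache/nginx "combined" format, which may not match your server's configuration, and the names `LOG_LINE` and `summarize_fake_spider` are hypothetical. It selects the requests whose User Agent String names both Baiduspider and Googlebot, then records per IP address which status codes were returned and whether robots.txt was ever requested.

```python
import re
from collections import Counter

# Both spider names must appear in the same User Agent String.
FAKE_UA_MARKERS = ("Baiduspider", "Googlebot")

# Assumption: "combined" log format, i.e.
# ip ident user [time] "METHOD path protocol" status size "referer" "agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)


def summarize_fake_spider(lines):
    """Map each IP using the crossbred User Agent String to its request stats."""
    per_ip = {}
    for line in lines:
        match = LOG_LINE.match(line)
        if match is None:
            continue  # not a combined-format line, skip it
        agent = match.group("agent")
        if not all(marker in agent for marker in FAKE_UA_MARKERS):
            continue  # a different client
        stats = per_ip.setdefault(
            match.group("ip"), {"statuses": Counter(), "robots": False}
        )
        stats["statuses"][match.group("status")] += 1
        # Ignore any query string when looking for robots.txt.
        if match.group("path").split("?")[0] == "/robots.txt":
            stats["robots"] = True
    return per_ip
```

Calling `summarize_fake_spider(open("access.log", encoding="utf-8", errors="replace"))` (the file name is a placeholder) returns a dictionary keyed by IP address. An address whose status codes are all 404 and whose `robots` flag is `False` matches the pattern described above.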

