penge Posted April 24, 2003 Share Posted April 24, 2003 Someone is in the process of placing a huge order, he/she/it has one of everything in the shopping basket and has been online for a couple of sessions. The question is, should I be rubbing my hands waiting for the order to be placed or Could it be malicious bot or something to drain the contents of the shop? Other users might find items out of stock because of the above. Anyone else had this? The IP is 131.107.163.46 - traceroute it times out and I can't resolve the host address Penge Link to comment Share on other sites More sharing options...
orchard Posted April 24, 2003 Share Posted April 24, 2003 http://ws.arin.net/cgi-bin/whois.pl says it's Microsoft. In olden times the men were made of iron and the ships were made of wood; now it's the other way around. :wink: Link to comment Share on other sites More sharing options...
penge Posted April 24, 2003 Author Share Posted April 24, 2003 Thanks for the whois link and indeed it it microsoft! Could this be Bill buying a few (?) gifts fo his wife! Can I start rubbing my hands now - please? Penge Link to comment Share on other sites More sharing options...
Guest Posted April 24, 2003 Share Posted April 24, 2003 Billy got a bad bot but the bad bot billy got got swat so Billy got another bad bot.... Say that really fast ten times...... :shock: Link to comment Share on other sites More sharing options...
penge Posted April 24, 2003 Author Share Posted April 24, 2003 What can I do about it? I have read http://www.oscommerce.com/forums/viewtopic.php...light=microsoft about SmartTags, would this help? Help? Penge Link to comment Share on other sites More sharing options...
penge Posted April 24, 2003 Author Share Posted April 24, 2003 They have put a name on the bot now MicrosoftPrototypeCrawler: 131.107.163.47 ... "MicrosoftPrototypeCrawler (please report obnoxious behavior to [email protected])" Anyone can get a hotmail address, but the ip-address is owned by Microsoft. And I thought I could buy the kid's some new shoes today, never mind! How do I kill the bot! Penge Link to comment Share on other sites More sharing options...
Guest Posted April 24, 2003 Share Posted April 24, 2003 Yeah the other day some "person" put $166 worth of merchandise in their cart, I was so happy, then *poof* they vanished. Kinda upset me. My business has been online since April 17th yet no buyers. :( Link to comment Share on other sites More sharing options...
Guest Posted April 24, 2003 Share Posted April 24, 2003 To combat this I've found that going to the local super/hypermarket and filling up a trolley, then just abandon the sadi trolley and walk out the store. It will make you feel better............... Link to comment Share on other sites More sharing options...
Guest Posted April 24, 2003 Share Posted April 24, 2003 There is a new one out there from Looksmart http://grub.org/.... anyone can download and run it....it claims to "Improve Web Search from Your Desktop!".... this is the speil: Grub uses the power of distributed computing to build the best search on the Web. It automatically crawls the Web in the background, borrowing your computer's spare clock cycles, so you won't even notice it's there. The download is quick, you control how much you crawl, and the cool screensaver shows you the real-time progress your computer is making. You can even compare your stats to other Grubsters in the project! Help perfect the search engine. Join the Grub project today! Frightening..... and it is *NOT* responding to robots.txt.... So.. soon there will be *millions* of ordinary users sending out bots.... just read the webmaster posts thus far on the Grub site to see its effects.... My view is that the issue of 'bots' needs urgent review by international legislatures....... Link to comment Share on other sites More sharing options...
Waza04 Posted April 25, 2003 Share Posted April 25, 2003 To combat this I've found that going to the local super/hypermarket and filling up a trolley, then just abandon the sadi trolley and walk out the store. It will make you feel better............... HAHAHA - Made me laugh so bad!!! :lol: :lol: :lol: :lol: Link to comment Share on other sites More sharing options...
penge Posted April 25, 2003 Author Share Posted April 25, 2003 Well, it's still here and plodding along through the cart. The total so far is ?6000 and rising. Go on, press checkout and put Bill's CC details in! How do I make it go away? Installed the SID killer last night but don't know how to test it. There is a thread on spider traps for /includes/functions/html_output.php - should I be thinking about that? Link to comment Share on other sites More sharing options...
Guest Posted April 25, 2003 Share Posted April 25, 2003 the html_output.php spider killer is very effective you may also want to create a robots.txt file and top well behaved bots from going to certain pages (do a search for robots.txt in the forum) Link to comment Share on other sites More sharing options...
burt Posted April 25, 2003 Share Posted April 25, 2003 Frightening..... and it is *NOT* responding to robots.txt.... Add this at the very top of includes/application_top.php (after the first <?php ! ) $is_grub = strpos(strtolower($HTTP_USER_AGENT), "grub-client"); if ($is_grub == true) { echo "<h3>You are GRUB - you are NOT WELCOME!</h3>"; exit; } Quickly coded, untested. Link to comment Share on other sites More sharing options...
penge Posted April 25, 2003 Author Share Posted April 25, 2003 Thanks for the code, I have updated the file, let's hope it goes away! Link to comment Share on other sites More sharing options...
penge Posted April 25, 2003 Author Share Posted April 25, 2003 My robot file: User-agent : * # Matches any robot name Disallow: /catalog/admin I have tried JenRed's html_output.php spider killer today, it's not causing any problems with the cart but how ho I test it to see if it's working. Will it kill the bot? The bugger is still there and shopping! Penge Link to comment Share on other sites More sharing options...
penge Posted April 25, 2003 Author Share Posted April 25, 2003 I have another one from the same IP 131.107.163.46 and it's started a new buying spree. This is pi**ing me off now, how do I stop it? Link to comment Share on other sites More sharing options...
Guest Posted April 25, 2003 Share Posted April 25, 2003 same place OrgName: Microsoft Corp OrgID: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US NetRange: 131.107.0.0 - 131.107.255.255 CIDR: 131.107.0.0/16 NetName: MICROSOFT NetHandle: NET-131-107-0-0-1 Parent: NET-131-0-0-0-0 NetType: Direct Assignment NameServer: DNS1.CP.MSFT.NET NameServer: DNS2.CP.MSFT.NET NameServer: DNS1.TK.MSFT.NET NameServer: DNS1.DC.MSFT.NET NameServer: DNS1.SJ.MSFT.NET you may want to add that ip range as a disallow in robots.txt Link to comment Share on other sites More sharing options...
orchard Posted April 25, 2003 Share Posted April 25, 2003 Some of my hosts have a place to block access from certain IP addresses, maybe your's does too. In olden times the men were made of iron and the ships were made of wood; now it's the other way around. :wink: Link to comment Share on other sites More sharing options...
penge Posted April 25, 2003 Author Share Posted April 25, 2003 User-agent : * # Matches any robot name Disallow: /catalog/admin Disallow: 131.107.0.0 - 131.107.255.255 Thanks, I'll try it Link to comment Share on other sites More sharing options...
Guest Posted April 25, 2003 Share Posted April 25, 2003 i need more coffee... actually i dont think you can do that (would be nice if you could) - i think that needs to be done in the .htaccess file i am looking at another option :oops: Link to comment Share on other sites More sharing options...
burt Posted April 25, 2003 Share Posted April 25, 2003 Thanks for the code, I have updated the file, let's hope it goes away! That wasn't for you, that was for Johnson (GRUB). You can try this, after the first <?php in application_top: $is_ms = strpos(strtolower($HTTP_USER_AGENT), "microsoftprototypecrawler"); if ($is_ms == true) { echo "<h3>You are Microsoft - you are NOT WELCOME!</h3>"; exit; } I do not know if it will work. Try it and report back - remember that it will still show in whos_online! To get rid off of your site, try this: $is_ms = strpos(strtolower($HTTP_USER_AGENT), "microsoftprototypecrawler"); if ($is_ms == true) { header("Location: http://www.microsoft.com/"); exit; } Give it a go... Link to comment Share on other sites More sharing options...
penge Posted April 25, 2003 Author Share Posted April 25, 2003 .htaccess DirectoryIndex catalog/default.php When I add: Disallow: 131.107.0.0 - 131.107.255.255 I get server error 500. What's the right syntax To Burt I have tried the first code snippet and will let you know what happens Link to comment Share on other sites More sharing options...
Guest Posted April 25, 2003 Share Posted April 25, 2003 from the php manual: The Allow and Deny directives let you allow and deny access based on the host name, or host address, of the machine requesting a document. The directive goes hand-in-hand with these is the Order directive, which tells Apache in which order to apply the filters. The usage of these directives is: allow from address where address is an IP address (or a partial IP address) or a fully qualified domain name (or a partial domain name); you may provide multiple addresses or domain names, if desired. For example, if you have someone spamming your message board, and you want to keep them out, you could do the following: deny from 11.22.33.44 Visitors coming from that address will not be able to see the content behind this directive. If, instead, you have a machine name, rather than an IP address, you can use that. deny from hostname.example.com And, if you'd like to block access from an entire domain, or even from an entire tld (top level domain, such as .com or .gov) you can specify just part of an address or domain name: deny from 192.101.205 deny from exampleone.com exampletwo.com deny from tld Using Order will let you be sure that you are actually restricting things to the group that you want to let in, by combining a deny and an allow directive: Order Deny,Allow Deny from all Allow from hostname.example.com Listing just the allow directive would not do what you want, because it will let users from that host in, in addition to letting everyone in. What you want is to let in only users from that host. Link to comment Share on other sites More sharing options...
Guest Posted April 25, 2003 Share Posted April 25, 2003 The problem though with denying IP addresses is that in the process you may deny thousands of users from accessing your site..... it is obvious the we have a new breed of bot that are becoming a serious performance issue..... just as DOS attacks are illegal, so simply should these bots... I will state again that there needs to be a legislative remedy... Link to comment Share on other sites More sharing options...
penge Posted April 26, 2003 Author Share Posted April 26, 2003 To Burt I have tried the first code snippet and will let you know what happens Checking back this morning one of the bot's has gone, the other was there for an hour or so, now it's gone as well. Before I break open the champagne and send Bill the bill (?) for bandwidth and inconvenience factor, let's see what happens. Penge Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.