tags:

views:

664

answers:

3
+4  Q: 

A User Agent that says just "Mozilla/4.0" is a bot, right?

I'm getting several requests in web apps that are basically wrong in ways my code shouldn't be generating... Mainly it's requests to .ashx without any GET parameters specified.

The user agent is "Mozilla/4.0" (nothing more than that) The IPs vary from day to day.

This is a bot, right?

Thanks!

+4  A: 

This seems very odd to me. Any legitimate bot would identify itself in a way you can recognize. Any malicious bot would be able to do a much better job making the user agent look like a normal browser. This is somewhere in the middle. That, combined with the bad requests, leads me to believe you're dealing with plain old incompetence.

Either way, you probably want to 404 these requests rather than return a yellow screen error.

Joel Coehoorn  2009-05-07 14:26:03
I'm showing the default error page I created, which just says "unexpected error", is a bit more friendly to humans than the YSoD, and also hides the error details from malicious people.I think that should be returning a 500 too, so the bot *should* get a hint...But I agree with your incompetence theory completely.
Daniel Magliola  2009-05-07 14:50:02
You 404 so that a bot doesn't think there's a real page there. Otherwise, a malicious bot might try something else on the page later, and this time they might get lucky. And a search engine will keep coming around now and then to re-index. If you 404 the blank page, the bot will just go away.
Joel Coehoorn  2009-05-07 14:55:39
+4  A: 

According to http://www.user-agents.org the 'Yahoo Mindset: Intent-driven Search' bot reports this.

But yeah it wouldn't be a browser reporting that.

gacrux  2009-05-07 14:33:13
+1  A: 

Are these requests to existing pages you wrote yourself, or do they get a 404?

In the latter case, it could be some sort of scan attack, trying to detect vulnerable application instances before hitting them with an exploit.

Michael Borgwardt  2009-05-07 14:33:22
Nope, they are files I wrote myself (or at least, they exist, like WebResource.axd)The script obviously found them by checking the HTML of other pages.I'm getting error reports because the script is GETting them without parameters (which these files expect)
Daniel Magliola  2009-05-07 14:47:12

related questions

Is there a good reference guide for deciphering http user-agent strings?
How can I change a user agent string programmatically?
List of browser as the are listed in IIS logs
iPhone User Agent
Changing the UserAgent of the WebBrowser control -Winforms C#
ASP.net not generating javascript for some User Agents
Best regex pattern for matching non SP1 IE6 in user agent string?
Changing user agent on urllib2.urlopen
What is a user-agent?
Mobile detection using Javascript
How can I talk to UniProt over HTTP in Python?
How big can a user agent string get?
PHP Sessions + Useragent with salt
With Apache httpd, how do I configure no caching for a given UserAgent?
How to Set User-Agents in an HttpRequest (Unit Testing)
Keeping same session with different user-agents
Applet User-agent
How to detect that a feed reader accesses my page?
Throttle traffic in Apache based on User-Agent
ie useragent wxWidgets
Operating System from User-Agent HTTP Header
IE7 detected as IE6 on Vista...Why?
Fetch a Wikipedia article with Python
Code Golf: What's the quickest way to determine if I'm using IE?