On Tue, 30 Oct 2012 06:17:05 -0400
Richard Hipp <d...@sqlite.org> wrote:
This two-phase defense against bots is usually
effective. But last night,
a couple of bots got through on the SQLite website. No
great damage was
done as we have ample bandwidth and CPU reserves to
handle this sort of
thing. Even so, I'd like to understand how they got
through so that I
might improve Fossil's defenses.
The first run on the SQLite website originated in
Chantilly, VA and gave a
USER_AGENT string as follows:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1;
WOW64; Trident/5.0;
SLCC2; .NET_CLR 2.0.50727; .NET_CLR 3.5.30729; .NET_CLR
3.0.30729;
Media_Center_PC 6.0; .NET4.0C; WebMoney_Advisor;
MS-RTC_LM_8)
The second run came from Berlin and gives this
USER_AGENT:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Both sessions started out innocently. The logs suggest
that there really
was a human operator initially. But then after about 3
minutes of "normal"
browsing, each session starts downloading every
hyperlink in sight at a
rate of about 5 to 10 pages per second. It is as if the
user had pressed a
"Download Entire Website" button on their browser.
Question: Is there
such a button in IE?
I just tried it: you can save a URL as a single web page
or a "web archive" (extension .wht,
whatever that means). So it seems quite possible - and it
appears to be the default when
using "save as".
This was with IE 8.
Regards,
Arjen
DISCLAIMER: This message is intended exclusively for the addressee(s) and may
contain confidential and privileged information. If you are not the intended
recipient please notify the sender immediately and destroy this message.
Unauthorized use, disclosure or copying of this message is strictly prohibited.
The foundation 'Stichting Deltares', which has its seat at Delft, The
Netherlands, Commercial Registration Number 41146461, is not liable in any way
whatsoever for consequences and/or damages resulting from the improper,
incomplete and untimely dispatch, receipt and/or content of this e-mail.
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users