"William Tasso" <SpamBlocked.DeleteThis@tbdata.com> wrote in message
news:bme2pl$l3229$1@ID-139074.news.uni-berlin.de...
> Greetings one and all
> <a style='text-decoration: underline;' href="http://grub.org/" target="_blank">http://grub.org/</a> is showing up in my logs
> I'm not sure if what they're doing is:
> o helpful/useful.
> o DDOS attack.
> o A virus.
> Anyone have an opinion? --
> William Tasso
I had a few reads by the grub crawlers yesterday. No problem. It is a
search engine which uses free time on home computers to do all the crawling
work. It is a bit like the way SETI@home uses home computers to run spectrum
analyser software on noise received from outer space to try and detect ET.
Here is an example of a grub read - I am pleased it finds my hot bath
holiday pictures of interest!. I guess the reads come from all sorts of
home IP addresses.
12.225.61.138 - - [12/Oct/2003:14:07:57 +0100] "GET /velobad3.htm HTTP/1.1"
200 16426 "-" "Mozilla/4.0 (compatible; grub-client-1.5.3; Crawl your own
stuff with <a style='text-decoration: underline;' href="http://grub.org" target="_blank">http://grub.org</a>)" 81 ref
<a style='text-decoration: underline;' href="http://www.satsig.net/velobad3.htm" target="_blank">http://www.satsig.net/velobad3.htm</a>
For reference if you see either the next two it is a server originated virus
and you need to contact the originating IP address to get the server
cleaned.
Code red virus, single line: default.ida?XXXXXXX..etc
Nimbda virus, several lines together like:
/scripts/%c19c/winnt/system32/cmd.exe
Don't worry about pairs of lines like: _vti_bin/owssvr.dll and
msoffice/cltreq.asp. This is a browser request (from a genuine visitor) to
ask if the web site has a forum.
Best regards, Eric.<!-- ~MESSAGE_AFTER~ -->
>> Stay informed about: Grubby business 
FAQ
Profile
Private Messages
Log in
