[ale] Irritating OmniExplorer_Bot web bot

Charles Brian Quinn me at seebq.com
Tue Jan 3 14:52:27 EST 2006


Fellow Alers,

I came in this morning to find one of my servers not responding to any 
requests.  After a reboot, a top shows my box has been pegged for a long 
time.  The culprit was found in the apache2 combined logs (for webstats):

64.127.124.130 - - [03/Jan/2006:14:43:08 -0500] "GET /gallery2/main.php?g2_view=core.UserAdmin&g2_subView=core.UserLogin&g2_return=http%3A%2F%2Fwww.seebq.com%2Fgallery2%2Fv%2Fitaly%2Fsalone%2FSalone_Internazionale_del_Mobile_105.jpg.html%3Fg2_imageViewsIndex%3D1&g2_returnName=photo HTTP/1.1" 403 282 "-" "OmniExplorer_Bot/5.35 (+http://www.omni-explorer.com) WorldIndexer"
64.127.124.130 - - [03/Jan/2006:14:43:11 -0500] "GET /gallery2/main.php?g2_view=core.UserAdmin&g2_subView=register.UserSelfRegistration&g2_return=http%3A%2F%2Fwww.seebq.com%2Fgallery2%2Fv%2Fitaly%2Fsalone%2FSalone_Internazionale_del_Mobile_105.jpg.html%3Fg2_imageViewsIndex%3D1&g2_returnName=photo HTTP/1.1" 403 282 "-" "OmniExplorer_Bot/5.35 (+http://www.omni-explorer.com) WorldIndexer"

It looks like this bot tried to deep index (index - yeah right) my 
entire site, and went through the gallery2 software I installed and 
tried to sign up (register as a user) under each page, add things to its 
cart, etc. etc. repeatedly, while apache2 kept serving up requests and 
spawning new instances to keep up with the "DDOS" style attack.

It is ignoring my robots.txt file, and continues to hammer my site after 
forbidding apache access to it (note the 403s in the log file above).

I'm about to re-emerge apache2 with tcpd support (tcp-wrappers) and add 
that entire subnet to the /etc/hosts.deny .

Annoying.  http://www.omni-explorer.com/ has more information, but 
google tells some other horror stories.

Just an FYI.
-- 
Charles Brian Quinn
www.seebq.com
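
Added example, not part of the original message: a small Python pass over Apache combined-format logs that groups hits by subnet and user agent and reports clients that keep requesting after being answered with 403, as in the log excerpt above. The /24 grouping, the `min_denied` threshold, the function names and the sample lines are assumptions made for illustration; only the IP address and agent string come from the post.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Apache "combined" LogFormat: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def parse(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def persistent_denied_clients(lines, min_denied=3):
    """Group hits by (/24 subnet, user agent) and report groups that were
    answered with 403 at least min_denied times, with their request rate."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        # Assumption: a /24 stands in for "that entire subnet"; assumes IPv4 hosts.
        subnet = str(ip_network(rec["ip"] + "/24", strict=False))
        groups[(subnet, rec["agent"])].append(rec)
    report = []
    for (subnet, agent), recs in groups.items():
        denied = sum(1 for r in recs if r["status"] == 403)
        if denied < min_denied:
            continue
        span = (max(r["ts"] for r in recs) - min(r["ts"] for r in recs)).total_seconds()
        report.append({"subnet": subnet, "agent": agent, "hits": len(recs),
                       "denied": denied,
                       "per_min": round(len(recs) / max(span, 1) * 60, 1)})
    return sorted(report, key=lambda r: r["denied"], reverse=True)

BOT = "OmniExplorer_Bot/5.35 (+http://www.omni-explorer.com) WorldIndexer"
# Constructed sample lines (paths, timings and the second client are made up).
SAMPLE = [f'64.127.124.130 - - [03/Jan/2006:14:43:{8 + 3 * i:02d} -0500] '
          f'"GET /gallery2/main.php?g2_itemId={i} HTTP/1.1" 403 282 "-" "{BOT}"'
          for i in range(4)]
SAMPLE.append('192.0.2.10 - - [03/Jan/2006:14:43:09 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')

if __name__ == "__main__":
    for row in persistent_denied_clients(SAMPLE):
        print(row)
```

The reported subnet is a candidate for a deny rule at a layer below Apache (tcp-wrappers or a packet filter), since the 403 responses alone do not stop the requests from arriving.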


