On 11/11/19, Greg Wooledge <wool...@eeg.ccf.org> wrote: > On Mon, Nov 11, 2019 at 12:18:17PM -0500, Gene Heskett wrote: >> >> HTTP/1.1" 200 554724 "-" "Mozilla/5.0 (compatible; Daum/4.1; >> +http://cs.daum.net/faq/15/4118.html?faqId=28966)" >> coyote.coyote.den:80 203.133.169.54 - - >> [11/Nov/2019:12:11:29 -0500] "GET >> /gene/nitros9/level1/dalpha/modules/defsfile >> HTTP/1.1" 200 248 "-" "Mozilla/5.0 (compatible; Daum/4.1; >> +http://cs.daum.net/faq/15/4118.html?faqId=28966)" >> coyote.coyote.den:80 203.133.169.54 - - >> [11/Nov/2019:12:11:34 -0500] "GET >> /gene/nitros9/level1/atari/modules/n1_scdwv.dd >> HTTP/1.1" 200 280 "-" "Mozilla/5.0 (compatible; Daum/4.1; >> +http://cs.daum.net/faq/15/4118.html?faqId=28966)" >> coyote.coyote.den:80 203.133.169.54 - - >> [11/Nov/2019:12:11:39 -0500] "GET >> /gene/nitros9/level1/coco1_6309/bootfiles/bootfile_covga_cocosdc >> HTTP/1.1" 200 16133 "-" "Mozilla/5.0 (compatible; Daum/4.1; >> +http://cs.daum.net/faq/15/4118.html?faqId=28966)" >> >> I did ask earlier if daum was a bot but no one answered. They are >> becoming a mite pesky. > > Well, maybe nobody knows. > > I went to daum.net in a web browser, and it looks like it's in an Asian > language. It also looks like it's selling a bunch of stuff (at least, > it's laid out the way a retailer's web page is typically laid out). > > I also went to the URL in your log > <http://cs.daum.net/faq/15/4118.html?faqId=28966>. Again, it's in a > language that I can't read, but it's talking about robots.txt and shows > an example of how to block them. > > So, yes, it's a bot. > > Did you not try either of these steps yourself?
I tried what I do when I get stuff like this: A search engine using either "s-p-a-m" or abuse along with the site in question. This "cs-daum" one pulls up talking a lot about being some kind of mail server, too. That take was garnered yet again via the search results without actually visiting any websites. That didn't make much sense with respect to the complaint, other than it's something that a well-rounded website might be offering. If I'm real sure something's foul, I'll go straight for searching with e.g. "Spamhaus" as an accompanying keyword. As an afterthought, I did just that, too, and received the following: "This is a confirmed bad bot but isn't blocked yet by the blocker:" Credit without visiting the website appears to go to Github account "mariusv" that is tracking issues for "nginx-badbot-blocker". That may change if one actually visits the website. I'm not able to just this second.. I'm glad I did the more generic search first. Mail didn't get much of a mention when Spamhaus was used instead. Something called "hanmail" that may or may not be related got a few "loud" head nods in my first search but was much more buried in the second one. Am donning a conspiracy hat now.... because of all the chatter about machinery on regular occasion. After a few seconds of contemplation, it comes to mind to wonder out loud: Are they hitting it hard... * Just because they can? * Or because it appears to them that there may be steal-worthy information they could turn around and patent or otherwise profit from somehow? The "espionage" angle is becoming ridiculous out there. Just saw something in my inbox yesterday about the military going after a product source or contractor that sold them "Made in the USA" products that were instead made elsewhere. Regular users discovered the fraud when foreign language characters instead of en-US appeared on the screen that was monitoring military folks wearing on-body cameras............... Not joking/exaggerating when I say I'm really starting to wonder about ANY products we buy right now. It's at the top of my own list of concerns because of all that sudden, simultaneous crash-and-burn of my software and multiple pieces of hardware a few weeks ago. Things were working just fine until I bought a couple various new, small add-ons, e.g. a dual bay hard drive docking station and a couple of 64GB [thumb drives]. Even those inexpensive, nay, CHEAP wifi dongles.. I mentioned I bought 3 of those myself a few months back... Who knows.... And how the doodles is the average user supposed to sanity/safety check every single piece of computer-based, possibly chip containing hardware from now on. The implication is that one computer compromised internally that way is most likely networked with a whole bunch of others in the meantime, too. AND.. I don't think how we obtain these items affects any perceived risk in the future. Something from a big box store can be just as easily compromised as single items we may buy from "online marketplaces".... Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with birdseed *
