Records of inappropriate access to websites

For the benefit of the wider web community, this page gives details of inappropriate access by robots, scripts, and other forms of suspicious access detected at the following websites: www.lemoda.net, www.sljfaq.org, and kanji.sljfaq.org.

Robot name	Site accessed	Log file	Form of bad access
Linguee Bot (http://www.linguee.com/bot; bot@linguee.com)	www.lemoda.net	linguee-bot-access.txt	Ignored or did not read `robots.txt`
This robot did not look at `robots.txt` before downloading the entire site, including the section `/norobots/` which is specifically forbidden by `robots.txt`. The IP address of the robot, 212.227.136.205, corresponds to that given on the web page in the robot's self-described "user agent".
Lightspeed (69.84.207.147)	www.lemoda.net	lightspeed.txt	Ignored or did not read `robots.txt`
This robot identified itself as an Internet Explorer browser in its user agent field and ignored (did not attempt to read) robots.txt. It requests pages without any time delay between requests, and does not request compressed content, resulting in a larger-than-necessary use of bandwidth.
Multiple Korean-language Android phones	kanji.sljfaq.org	kanji-logs-memory-cgi-ko-kr-unique-ip.txt	Bandwidth drain
A series of IP addresses, all with user agent strings of the form Mozilla/5.0 (Linux; U; Android 2.2; ko-kr; SHW-M180L Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 , apparently Korean-language Android mobile phones, attempted to download PNG images from kanji.sljfaq.org/kanjivg/. A total of 20738 accesses from 4814 unique IP addresses were made from 5th January to 14th February 2011. This continued even when an empty response or redirect response was sent, suggesting that this was an attempt to hog bandwidth rather than to obtain a collection of images. The attached extract from the Apache log file contains one line for each unique IP address, but omits repeated addresses.
94.63.246.3	www.lemoda.net	94.63.246.3.txt	Search for vulnerabilities
This robot looks for badly-programmed PHP files (there are none on this site).
Trend Micro (150.70.75.28, 150.70.75.156, 216.104.15.134, 216.104.15.138, 58.61.164.139, 58.61.164.140)	www.lemoda.net	trend-micro-attacks.txt	Bandwidth drain
A robot misidentifying itself as Internet Explorer version 6.0, from multiple IP addresses belonging to Trend Micro, repeatedly downloads the same pages. It ignores `robots.txt`. It does not use compression to download. See also Trend Micro Malware Discussions (some of the IPs are the same).
MEDIA RAG CORPORATION (58.80.247.46)	www.sljfaq.org	58.80.247.46.txt	Bandwidth drain
A site sent a series of repeated automated requests to English to katakana converter.
Yeti/1.0	www.lemoda.net	yeti.txt	Badly-programmed robot
The "Yeti" robot with a user agent string Yeti/1.0 (NHN Corp.; http://help.naver.com/robots/) is a badly-programmed robot. It fires off multiple requests for pages at an alarming rate. Unlike almost every other web robot, the incompetently programmed Yeti robot does not use any gzip compression, thus resulting in a huge waste of bandwidth as it downloads pages in uncompressed format. The page contains a URL with help but the page is only provided in Korean, even though the crawler downloads pages in English.

Copyright © Ben Bullock 2009-2023. All rights reserved. For comments, questions, and corrections, please email Ben Bullock (benkasminbullock@gmail.com) or use the discussion group at Google Groups. / Disclaimer