Trying to inform about how to get information to support a sinkhole for users that pose as fake searchbots and also as content spammers.
Here we have a recent example from the Netherlands: 178.21.113.211 vps926.directvps dot nl Netherlands Unknown Spam Bot masking himself as a normal user 3 20 Sep 2012, 23:27
Host:vps926.directvps dot nl sniffs for IE using using browser check
Here we see other offensive actions performed from this IP: http://www.bizimbal.com/odb/details.html?id=1242040
There a backdoor exploit for a vulnerability under all pages for the Mystique theme is being probed…
Studying these logs for what they contain, security researchers will know actual Metasploit code is being exploited.
The website owner/admin should be made aware that the software is vulnerable to such attacks…
bug dorks are guidelines for those that test these probes.
Websecurity savvy users should be aware of these timthumb 2012 issues: -http://sbcrew.wap.sh/bugs.txt