Googlebounce
I've had my google search attempts blocked by google - I get a page saying that I'm a bot searching google and to check my machine for viruses and spyware. Now, my logs don't show any excessive google access, and iptraf on the firewall can't find any either. Anyone else come across this? Oh, I note that google are still happy to googlebot my website on aforementioned network... Vik :v) -- Vik Olliver [EMAIL PROTECTED] The Olliver Family
Re: Googlebounce
I've had my google search attempts blocked by google - I get a page saying that I'm a bot searching google and to check my machine for viruses and spyware. Now, my logs don't show any excessive google access, and iptraf on the firewall can't find any either. Anyone else come across this? You aren't alone: http://isc.sans.org/diary.php?date=2005-02-02 Scroll down to the To Google, you are malware section. From the text: Our testing shows that this behavior isn't automatically triggered - there appears to be a sliding scale (searches per minute per IP?) that causes this to activate. This is an apparent reaction to recent PHP web-application based malware using Google to find targets, and I can't say I disagree with their tactics in this case. What do the ISC readers think? What are you searching for? Regards Daniel
Re: Googlebounce
Hi Vic, search from google.co.nz for Vicbot returned: http://www.google.co.nz/search?hl=enq=vicbotbtnG=Google+Searchmeta= Following is some documentation for some old computer equipment *...* http://www.geocities.com/saipan59/robots/robots *...* It is still under construction. *VICBOT* picture. *...* *VICBOT* bottom view. The motors are cordless screwdrivers, with their battery compartments cut off. *...* www.geocities.com/saipan59/robots/robots Regards Michael I've had my google search attempts blocked by google - I get a page saying that I'm a bot searching google and to check my machine for viruses and spyware. Now, my logs don't show any excessive google access, and iptraf on the firewall can't find any either. Anyone else come across this? Oh, I note that google are still happy to googlebot my website on aforementioned network... Vik :v) -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.5 - Release Date: 3/02/2005
Re: Googlebounce
On Wed, 2005-02-09 at 09:36 +1300, goldedge wrote: Hi Vic, search from google.co.nz for Vicbot returned: http://www.google.co.nz/search?hl=enq=vicbotbtnG=Google+Searchmeta= Er, yeah. Can't run that one myself though. Nor can anyone else on the family network. I remember the Vic 20. Shame they spelt it wrong :) Vik :v) -- Vik Olliver [EMAIL PROTECTED] The Olliver Family
Re: Googlebounce
On Wed, 2005-02-09 at 09:28 +1300, Daniel Grant wrote: From the text: Our testing shows that this behavior isn't automatically triggered - there appears to be a sliding scale (searches per minute per IP?) that causes this to activate. This is an apparent reaction to recent PHP web-application based malware using Google to find targets, and I can't say I disagree with their tactics in this case. What do the ISC readers think? What are you searching for? Various. Dunno what the kids are doing on their computers, other than running Linux. Could be that my ISP is running a transparent proxy, and someone else on my ISP is infected. That'd screw me too if the proxy always claims to be the same IP address. I think Google's advertisers might have something to say about this. Vik :v) -- Vik Olliver [EMAIL PROTECTED] The Olliver Family
Re: gOOGLEBOUNCE fwd Re: [dunlug] Google broken?]
Hi Vic this may be of use, I doubt you have an infection and am guessing google has blocked your tcpip address dyndns.org or similar may be a way around it? http://www.securityfocus.net/archive/105/389149/2005-01-30/2005-02-05/0 http://www.clamav.net Regards Michael Vik Olliver wrote: On Wed, 2005-02-09 at 11:45 +1300, goldedge wrote: Hmm. Google put that in place as a solution to the phpBB worm that was going around. What I'd do: * make sure you don't have the worm. Are you running apache with phpBB on any of the machines? If so, run a traffic sniffer that can see everything on the network, and don't do anything for a while. See if there is unexpected outgoing traffic. Nope, don't have phpBB even as an unused .deb file. * have you changed IP address? Maybe you've picked up one from someone else who had it. Try changing again. Static IP, but gawd knows what my ISP does in the way of transparent proxying. This worm (Santy iirc) affects both Linux and Windows, although mainly Linux (as it requires things like Perl and wget that usually aren't installed on Windows). Is there a specific checker? Google is out off reach, and anonymizer says I've used it too much and owe it a subscription. Looks like I need to find a new line in unrestricted resources as well! Vik :v) -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.5 - Release Date: 3/02/2005
Re: gOOGLEBOUNCE fwd Re: [dunlug] Google broken?]
On Wed, 2005-02-09 at 12:51 +1300, goldedge wrote: Hi Vic this may be of use, I doubt you have an infection and am guessing google has blocked your tcpip address dyndns.org or similar may be a way around it? http://www.securityfocus.net/archive/105/389149/2005-01-30/2005-02-05/0 I have a proper static IP, hosted by Maxnet. http://www.clamav.net I'll install and run clamav as a precaution. Vik :v) -- Vik Olliver [EMAIL PROTECTED] The Olliver Family