If you've ever seen an HTTP request in your logs like this and wondered what they are
GET / HTTP/1.1
Accept-Encoding: identity
Host: www.mywebsite.com
Connection: close
User-Agent: Python-urllib/2.7
The most common explanation is, based on the user-agent, that somebody wrote a python script (or is using somebody else's) that is hitting your website. You can learn more about the urllib2 at this link. It states that "By default urllib2 identifies itself as Python-urllib/x.y" which is what you see here, that somebody has Python 2.7 installed and ran a command or script that utilized that library's default user-agent string when connecting.
Whether it's malicious or not is another story. It could be a security researcher just doing his thing and saving the world, or it could be a bad guy reconing or poking/prodding your site, or it could be some joe-blow script kiddie just grabbing somebody else's script and experimenting across the Internet.
More about neonprimetime
Top Blogs of all-time
Top Github Contributions
Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.
No comments:
Post a Comment