Unknown user agent?

Discussion in 'Traffic Analysis' started by swapshop, Jan 3, 2009.

  1. #1
    Noticed this agent NV32ts hitting my site with a 100 page reload whois?

    Anyone have any additional information? Came from Colombia?

    Dynamic-IP-1901588191.cable.net.co
     
    swapshop, Jan 3, 2009 IP
  2. Tearabite

    Tearabite Prominent Member

    #2
    I've never seen that user agent before, and I couldn't find much info on it.. But if it was hitting my site hard, I would just block the IP.
     
    Tearabite, Jan 3, 2009 IP
  3. gostats

    gostats Peon

    #3
    IP blocking should be done carefully and managed with either a program or some procedure to measure and log how much is being blocked.

    For example, Randy, when I clicked through to your blog and visited a page other than the home page I got a 403 error. (said something about blocking Opera)
     
    gostats, Jan 7, 2009 IP
  4. Tearabite

    Tearabite Prominent Member

    #4
    Huh.. well, that's not from blocking your IP..
    If you don't mind, please do it again, then PM me the time that you did it, and your IP, so I can see what the issue is.
     
    Tearabite, Jan 8, 2009 IP
  5. gostats

    gostats Peon

    #5
    Yeah, it doesn't seem to be an IP block; but it is related to your blocking system :)

    I've sent you a PM Randy.
     
    gostats, Jan 9, 2009 IP
  6. gyrniff

    gyrniff Peon

    #6
    My IDS log shows that it’s testing for default SQL injection.

    IDS log dump (anonymized):
    47 45 54 20 2F xx xx xx xx xx xx xx xx xx xx xx GET /xxxxxxxxx
    xx xx 63 6F 6E 74 61 63 74 xx xx xx xx xx xx xx/contactxxxxxx
    xx xx 2F xx xx xx xx xx xx xx xx xx 73 70 78 3F xx/xxxxxxxxaspx?
    73 63 5F 6C 61 6E 67 3D 65 6E 27 25 32 30 41 6E sc_lang=en'%20An
    64 25 32 30 63 68 61 72 28 31 32 34 29 25 32 62 d%20char(124)%2b
    28 53 65 6C 65 63 74 25 32 30 43 61 73 74 28 43 (Select%20Cast(C
    6F 75 6E 74 28 31 29 25 32 30 61 73 25 32 30 76 ount(1)%20as%20v
    61 72 63 68 61 72 28 38 30 30 30 29 29 25 32 42 archar(8000))%2B
    63 68 61 72 28 31 32 34 29 25 32 30 46 72 6F 6D char(124)%20From
    25 32 30 5B 73 79 73 6F 62 6A 65 63 74 73 5D 25 %20[sysobjects]%
    32 30 57 68 65 72 65 25 32 30 31 3D 31 29 3E 30 20Where%201=1)>0
    25 32 30 61 6E 64 25 32 30 27 27 3D 27 20 48 54 %20and%20''=' HT
    54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 TP/1.1..User-Age
    6E 74 3A 20 4E 56 33 32 74 73 0D 0A 48 6F 73 74 nt: NV32ts..Host
     
    gyrniff, Jan 12, 2009 IP
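
A log-side check for the request in the IDS dump above, which counts probe requests per client before anything is blocked, in line with the earlier point about measuring and logging what a block would catch. This is an added example, not code from anyone in the thread; the combined log format, the sample lines, the `/contact.aspx` and `/search.aspx` paths, the status codes and the two-signature threshold are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines (combined log format, documentation-range IPs,
# placeholder paths). Only the first query string comes from the dump above.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2009:10:01:02 +0000] "GET /contact.aspx?sc_lang=en'%20And%20char(124)%2b(Select%20Cast(Count(1)%20as%20varchar(8000))%2Bchar(124)%20From%20[sysobjects]%20Where%201=1)>0%20and%20''=' HTTP/1.1" 500 1208 "-" "NV32ts"
203.0.113.7 - - [12/Jan/2009:10:01:03 +0000] "GET /contact.aspx?sc_lang=en HTTP/1.1" 200 5120 "-" "NV32ts"
198.51.100.20 - - [12/Jan/2009:10:02:00 +0000] "GET /contact.aspx?sc_lang=en HTTP/1.1" 200 5120 "-" "Opera/9.63 (Windows NT 5.1; U; en)"
198.51.100.21 - - [12/Jan/2009:10:03:00 +0000] "GET /search.aspx?q=select+a+gift+from+our+range HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Captures: client IP, requested URL, status code, user agent.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) HTTP/[\d.]+" '
                  r'(\d{3}) \S+ "[^"]*" "([^"]*)"$')

# Patterns applied to the URL-decoded query string.
SIGNATURES = {
    "quote_then_boolean": re.compile(r"'\s*(and|or)\b", re.I),
    "char_concat": re.compile(r"\bchar\(\d+\)", re.I),
    "cast_as_varchar": re.compile(r"\bcast\s*\(.+\bas\s+varchar", re.I),
    "system_table": re.compile(r"\bsysobjects\b", re.I),
    "select_from": re.compile(r"\bselect\b.+\bfrom\b", re.I),
}
THRESHOLD = 2  # assumed: a single hit is too common in ordinary search text

def classify(line):
    m = LINE.match(line)
    if not m:
        return None  # unparsable line: skip rather than guess
    ip, url, status, agent = m.groups()
    query = unquote_plus(url.partition("?")[2])
    hits = sorted(n for n, rx in SIGNATURES.items() if rx.search(query))
    return {"ip": ip, "agent": agent, "status": int(status),
            "hits": hits, "probe": len(hits) >= THRESHOLD}

def summarize(log_text):
    # Map (ip, agent) -> (probe requests, total requests) for review.
    probes, total = Counter(), Counter()
    for rec in filter(None, map(classify, log_text.splitlines())):
        key = (rec["ip"], rec["agent"])
        total[key] += 1
        probes[key] += rec["probe"]
    return {k: (probes[k], total[k]) for k in total}

if __name__ == "__main__":
    for (ip, agent), (p, n) in summarize(SAMPLE_LOG).items():
        print(f"{ip:15} {agent[:24]:24} probes={p}/{n}")
```

The per-client counts give a record of what a block rule would have matched, and the last sample line shows why a single keyword hit is not treated as a probe.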
  7. manish.chauhan

    manish.chauhan Well-Known Member

    #7
    Search for this bot..however, nothing new I came to know..:)
     
    manish.chauhan, Jan 20, 2009 IP