View Full Version :, A Spider? possible hack attempt?

06-14-2004, 08:56 AM
Do any of yall know if this is a spider? Ip address

I keep seeing this ip in the whos online tool and it starts multiple sessions and sometimes put like Ten items in the shopping cart and at the same time has like two more sessions started.

I have put a robots.txt file in my root html directory to keep spiders out of certain files and have the setting in admin to kill spider sessions set to true.

This ip keeps coming into my site and starting multiple sessions and adding items to the shopping cart.

I did a whois check and tracked it down to microsoft so thought it would be a msnbot?

Here are the results of my whois:

OrgName: Microsoft Corp
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: -
NetHandle: NET-65-52-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Assignment
NameServer: DNS1.CP.MSFT.NET
NameServer: DNS2.CP.MSFT.NET
NameServer: DNS1.TK.MSFT.NET
NameServer: DNS1.DC.MSFT.NET
NameServer: DNS1.SJ.MSFT.NET
RegDate: 2001-02-14
Updated: 2002-12-05

TechHandle: ZM23-ARIN
TechName: Microsoft Corporation
TechPhone: +1-425-882-8080
TechEmail: noc@microsoft.com

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@msn.com

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com

OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: noc@microsoft.com

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com

# ARIN WHOIS database, last updated 2004-06-13 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Any ideas on if this is a spider and if so how do i stop them from starting sessions and adding items to the shopping cart?

Thanx for any info.

06-17-2004, 10:57 AM
I have the same issue but with a different IP. I would love to see an answer


06-18-2004, 06:39 AM
Reverse dns for that ip gives: msnbot64106.search.msn.com

So yes, it is a crawler. If it is generating sessions on your site, you should either block the bot from your site, or better, switch to forcing cookie usage for sessions. This is done in the sessions section of the administration. That will remove all session id's from your url and solve the problem. Of course, you cannot use Force cookies if you are using shared ssl.