Results 1 to 3 of 3

Thread:, A Spider? possible hack attempt?

  1. #1

    Default, A Spider? possible hack attempt?

    Do any of yall know if this is a spider? Ip address

    I keep seeing this ip in the whos online tool and it starts multiple sessions and sometimes put like Ten items in the shopping cart and at the same time has like two more sessions started.

    I have put a robots.txt file in my root html directory to keep spiders out of certain files and have the setting in admin to kill spider sessions set to true.

    This ip keeps coming into my site and starting multiple sessions and adding items to the shopping cart.

    I did a whois check and tracked it down to microsoft so thought it would be a msnbot?

    Here are the results of my whois:

    OrgName: Microsoft Corp
    OrgID: MSFT
    Address: One Microsoft Way
    City: Redmond
    StateProv: WA
    PostalCode: 98052
    Country: US

    NetRange: -
    NetHandle: NET-65-52-0-0-1
    Parent: NET-65-0-0-0-0
    NetType: Direct Assignment
    NameServer: DNS1.CP.MSFT.NET
    NameServer: DNS2.CP.MSFT.NET
    NameServer: DNS1.TK.MSFT.NET
    NameServer: DNS1.DC.MSFT.NET
    NameServer: DNS1.SJ.MSFT.NET
    RegDate: 2001-02-14
    Updated: 2002-12-05

    TechHandle: ZM23-ARIN
    TechName: Microsoft Corporation
    TechPhone: +1-425-882-8080

    OrgAbuseHandle: HOTMA-ARIN
    OrgAbuseName: Hotmail Abuse
    OrgAbusePhone: +1-425-882-8080

    OrgAbuseHandle: MSNAB-ARIN
    OrgAbuseName: MSN ABUSE
    OrgAbusePhone: +1-425-882-8080

    OrgAbuseHandle: ABUSE231-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-425-882-8080

    OrgNOCHandle: ZM23-ARIN
    OrgNOCName: Microsoft Corporation
    OrgNOCPhone: +1-425-882-8080

    OrgTechHandle: MSFTP-ARIN
    OrgTechName: MSFT-POC
    OrgTechPhone: +1-425-882-8080

    # ARIN WHOIS database, last updated 2004-06-13 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    Any ideas on if this is a spider and if so how do i stop them from starting sessions and adding items to the shopping cart?

    Thanx for any info.

  2. #2


    I have the same issue but with a different IP. I would love to see an answer


  3. #3
    osCMax Developer, A Spider? possible hack attempt?

    michael_s's Avatar
    Join Date
    Jul 2002
    Phoenix, AZ
    Total Contributions For

    michael_s     $ 10.00
    Rep Power


    Reverse dns for that ip gives:

    So yes, it is a crawler. If it is generating sessions on your site, you should either block the bot from your site, or better, switch to forcing cookie usage for sessions. This is done in the sessions section of the administration. That will remove all session id's from your url and solve the problem. Of course, you cannot use Force cookies if you are using shared ssl.
    Michael Sasek

    osCmax 2.5.4 is now available via auto-installation using Softaculous!

    Stay Up To Date with everything osCMax:
    osCmax on Twitter - Up to the minute info as it happens. Know it first.

    osCmax Documentation

Similar Threads

  1. Image size hack for product pages
    By brendanl79 in forum osCmax v2 Customization/Mods
    Replies: 10
    Last Post: 06-15-2007, 01:37 PM
  2. Spider Sessions
    By Studio143 in forum osCmax v1.7 Discussion
    Replies: 1
    Last Post: 05-14-2005, 01:21 PM
  3. Spider Safe URLs?
    By operadivamommy in forum osCmax v1.7 Discussion
    Replies: 0
    Last Post: 09-10-2004, 09:04 AM
  4. Need help with a simple product listing hack...
    By Nocturnaloner in forum osCommerce 2.2 Modification Help
    Replies: 2
    Last Post: 06-04-2004, 09:14 AM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts