1. Home
  2. Forums Index
  3. General SEO Issues / Crawler, Spider, and User Agent ID 8:28 pm May 21, 2026

Forum Moderators: open

Message Too Old, No Replies

Jorgee

         

Pfui

3:53 pm on Jun 30, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Seen last month and this. This UA amounts to a Denial of Service when it hits multiple IPs at once (as it did to the web IPs in our CIDR) simultaneously. I've seen it go by both --

Jorgee
Mozilla/5.0 Jorgee

-- and it hits 85 OR 102 known exploits -- example dirs: admin, db, php, sql, mysql -- in one swell foop. Plus it inserts your IP address IN every URI:

//[IP-address-here]:80/1phpmyadmin/

(That initial // is part of every URI.)

Have seen it three times from two sources, Austria (a1.net) and Italy (vdsti.it). Jorgee may also be connected to the even more obnoxious hits that begin with --

/Ringing.at.your.dorbell!

-- and include the Google REF: 

http://google.com/search?q=2+guys+1+horse

For more observations, including an 85-URI set and Rewrite examples, see: [skepticism.us...]

lucy24

5:33 pm on Jun 30, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I suppose it's too much to hope that it literally says "http://google.com" since that's obviously bogus (real google referers use www.) and could then be globally blocked :(

Pfui

7:55 pm on Jun 30, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That is the exact referrer, precisely as it appeared all 861 times. Oy.

The UA was not Jorgee but rather all this: x00_-gawa.sa.pilipinas.2015!

(The URIs were every /cgi-bin/ script imaginable combined with "echo"-type commands, and including an IP address to a -- wait for it -- googleusercontent.com account.)

Compared to the massive Jorgee and pilipinas/2+guys+1+horse attacks, the current, single-hit "/xmlrpc.php" hits are gnats.

keyplyr

12:27 pm on Jul 2, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



2+guys+1+horse

How much damage could these guys really do? After all, they only have one horse between them.

tangor

12:40 pm on Jul 2, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Where's the riot?

Then again, I run a rather severe .htaccess.... lean toward whitelist, not blacklist. (remembering JD Morgan... miss that dude!)

Leosghost

1:17 pm on Jul 2, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



How much damage could these guys really do? After all, they only have one horse between them

I'm glad i wasn't drinking anything when I read that ;) ..Well played Sir, well played .. :))
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. General SEO Issues / Crawler, Spider, and User Agent ID 8:28 pm May 21, 2026