New Crawler looking for exploits?

I recently ran across a few entries in some of our log files that
seemed rather odd. Each of the requests were from a user agent
'WebVulnScan/1.0 libwww-perl/5.803' from IP Address 216.179.125.69.
I've tried searching for any info on this one, but to no avail. My
major concern is that all the requests from this user agent start with
reading the robots.txt file and then disobey the directives in there,
only accessing the files and directories explicitly disallowed in the
robots.txt file. They don't crawl any other pages.
Anyone got any ideas as to who or what this is?
I can only assume that it is a crawler looking for known exploits to
take advantage of.

The IP address 216.179.125.69 appears to map to a domain name called
tubgirl.biz. You could always contact them - see here
http://www.whois.net/whois.cgi2?d=tubgirl.biz for contact info.

I've already checked on that information. My main concern isn't
necessarily who 216.179.125.69 is, but what the 'WebVulnScan/1.0
libwww-perl/5.803' User Agent is and why it's intentionally crawling
the pages disallowed by the robots.txt

I also just got WebVulnCrawl and WebVulnScan in my logs,
scanning only the robots.txt file and all the entries there,
it is sort of spooky.
Does anyone know what are the weak points in a website
that this crawler is supposed to be looking for?

Antipodean Bucket Farmer wrote:

Quote:

In article
1133982304.036278.200760 (AT) z14g20...oglegroups.com
, cburton (AT) netphiles (DOT) com says...
I recently ran across a few entries in some of our log files that
seemed rather odd. Each of the requests were from a user agent
'WebVulnScan/1.0 libwww-perl/5.803' from IP Address 216.179.125.69.
I've tried searching for any info on this one, but to no avail. My
major concern is that all the requests from this user agent start with
reading the robots.txt file and then disobey the directives in there,
only accessing the files and directories explicitly disallowed in the
robots.txt file. They don't crawl any other pages.
Anyone got any ideas as to who or what this is?
I can only assume that it is a crawler looking for known exploits to
take advantage of.


"WebVulnScan" appears to be a tool for finding
unsecured servers that could be exploited for spam
redirection. Apparantly, it was started as a
preventative tool, but could also be used by perps...

http://news.spamcop.net/pipermail/spamcop-list/2002-
November/022800.html

http://www.au.sorbs.net/


--
Get Credit Where Credit Is Due
http://www.cardreport.com/
Credit Tools, Reference, and Forum

I found it today and it is pointing to a Google Blog where a Rhode
Island Guy explains what he is doing... I didn't understand it all, tho

this is the url recorded in my logs

http://webvulncrawl.blogspot.com
Agent: WebVulnCrawl.blogspot.com/1.0 libwww-perl/5.803