crazy crawling user agent PHP/5.2.8

[PPPoE100]

Hello coders,

 

would you please help us with this httpd log,

we assume this spider php script is copying our forum contents in a very fast manner.

it caused us a heavy resource utilization. we banned the abuser IP & user-agnet "PHP/5.2.8" 

 

our questions are:

what do you think this method is.

can they rebuild what they got at a database level.

 

Thank you all

 

4.68.99.xx - - [08/Sep/2009:20:15:43 +0300] "GET /forum/printthread.php?pp=100&t=52427 HTTP/1.1" 200 45623 "-" "PHP/5.2.8"
4.68.99.xx - - [08/Sep/2009:20:15:43 +0300] "GET /forum/printthread.php?pp=100&t=52428 HTTP/1.1" 200 4812 "-" "PHP/5.2.8"
4.68.99.xx - - [08/Sep/2009:20:15:43 +0300] "GET /forum/printthread.php?pp=100&t=18299 HTTP/1.1" 200 9162 "-" "PHP/5.2.8"
4.68.99.xx - - [08/Sep/2009:20:15:43 +0300] "GET /forum/printthread.php?pp=100&t=18300 HTTP/1.1" 200 19332 "-" "PHP/5.2.8"
4.68.99.xx - - [08/Sep/2009:20:15:43 +0300] "GET /forum/printthread.php?pp=100&t=52430 HTTP/1.1" 200 29166 "-" "PHP/5.2.8"
4.68.99.xx - - [08/Sep/2009:20:15:44 +0300] "GET /forum/printthread.php?pp=100&t=52431 HTTP/1.1" 200 7088 "-" "PHP/5.2.8"
4.68.99.xx - - [08/Sep/2009:20:15:44 +0300] "GET /forum/printthread.php?pp=100&t=18302 HTTP/1.1" 200 41565 "-" "PHP/5.2.8"
4.68.99.xx - - [08/Sep/2009:20:15:44 +0300] "GET /forum/printthread.php?pp=100&t=18303 HTTP/1.1" 200 6586 "-" "PHP/5.2.8"
4.68.99.xx - - [08/Sep/2009:20:15:44 +0300] "GET /forum/printthread.php?pp=100&t=52432 HTTP/1.1" 200 16547 "-" "PHP/5.2.8"
4.68.99.xx - - [08/Sep/2009:20:15:44 +0300] "GET /forum/printthread.php?pp=100&t=18304 HTTP/1.1" 200 16025 "-" "PHP/5.2.8"
4.68.99.xx - - [08/Sep/2009:20:15:44 +0300] "GET /forum/printthread.php?pp=100&t=52433 HTTP/1.1" 200 39769 "-" "PHP/5.2.8" 

[RussellReal]

sure they can take what they got and put it all into a database if they parsed just the posts

 

I did something like this for a friend of mine a while back.. he had hired a photographer for his wedding and the photographer wouldn't give him the files but the photographer gave him photo copies and posted his wedding online in some sort of 'display' on his website.. so I created a spider so to speak so he can get his pictures fast.. he probably will do something with the data otherwise why create a spider? Unless hes just testing it.. anyway.. best of luck

[keldorn]

Thats a strange IP. Its on the 4.0.0.0 range. Level 3 owns that range and I haven't heard of any of webhosts having that range.

 

 

[PPPoE100]

sure they can take what they got and put it all into a database if they parsed just the posts

 

I did something like this for a friend of mine a while back.. he had hired a photographer for his wedding and the photographer wouldn't give him the files but the photographer gave him photo copies and posted his wedding online in some sort of 'display' on his website.. so I created a spider so to speak so he can get his pictures fast.. he probably will do something with the data otherwise why create a spider? Unless hes just testing it.. anyway.. best of luck

 

thank you Russell,  could you explain more of this  " if they parsed just the posts "

is this a script you have heard of .. ?!

as for this photographer, its all based on initial agreement. when get married you as should ask for flash memory

 

 

 

[PPPoE100]

Thats a strange IP. Its on the 4.0.0.0 range. Level 3 owns that range and I haven't heard of any of webhosts having that range.

 

you are correct, I changed the ip address,

i could also say that the abuser server & our server are both at the same host.

any ideas of this script or methods.

 

Thanks