• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Zend_Http_Client agent?

Floren

Well-known member
#1
Is been few days this agent is hitting my site... I block it today:
Code:
# grep Zend_Http_Client /var/log/nginx/localhost.access.log | tail
173.230.147.144 - - [04/Aug/2014:06:09:38 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:02:46 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:02:47 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:13:04 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:13:06 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:16:29 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:16:31 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:09:39 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:19:59 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:19:58 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"

# dig -x 173.230.147.144 +short
li157-144.members.linode.com.
Any idea who is using this agent? The IP is from linode.com.
 

MattW

Well-known member
#2
Is been few days this agent is hitting my site... I block it today:
Code:
# grep Zend_Http_Client /var/log/nginx/localhost.access.log | tail
173.230.147.144 - - [04/Aug/2014:06:09:38 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:02:46 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:02:47 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:13:04 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:13:06 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:16:29 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:16:31 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:09:39 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:19:59 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:19:58 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"

# dig -x 173.230.147.144 +short
li157-144.members.linode.com.
Any idea who is using this agent? The IP is from linode.com.
Code:
PING community.centminmod.com (173.230.147.144) 56(84) bytes of data.
64 bytes from li157-144.members.linode.com (173.230.147.144): icmp_req=1 ttl=55 time=316 ms
64 bytes from li157-144.members.linode.com (173.230.147.144): icmp_req=2 ttl=55 time=320 ms
64 bytes from li157-144.members.linode.com (173.230.147.144): icmp_req=3 ttl=55 time=312 ms
^C
--- community.centminmod.com ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3003ms
rtt min/avg/max/mdev = 312.893/316.586/320.106/2.947 ms
 

Floren

Well-known member
#8
Probably Proxy Link.
Well, it stopped:
Code:
# grep Zend_Http_Client /var/log/nginx/localhost.access.log | tail
173.230.147.144 - - [04/Aug/2014:08:31:31 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:31:32 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:36:08 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:36:10 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:53:20 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:53:21 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:56:46 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:56:48 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:17:45 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:17:47 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
I still want to know how @eva2000 did the pings. A quick Google search shows that other people have similar issues... Anyways, if a Zend_Http_Client agent tries to access AXIVO site, it will be welcomed with a 403.
[04/Aug/2014:08:17:45 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
@Mike, @Kier, is this a normal behavior?
 
Last edited:

RoldanLT

Well-known member
#11
Well, it stopped:
Code:
# grep Zend_Http_Client /var/log/nginx/localhost.access.log | tail
173.230.147.144 - - [04/Aug/2014:08:31:31 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:31:32 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:36:08 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:36:10 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:53:20 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:53:21 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:56:46 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:56:48 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:17:45 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:17:47 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
I still want to know how @eva2000 did the pings. A quick Google search shows that other people have similar issues... Anyways, if a Zend_Http_Client agent tries to access AXIVO site, it will be welcomed with a 403.

@Mike, @Kier, is this a normal behavior?
Maybe it will trigger a ping when a user browse @eva2000 forum thread and click on the link redirected to your article.


Edit: I just click the link on this post: https://community.centminmod.com/threads/boringssl-released.599/
5 times :D
 

Floren

Well-known member
#14
@eva2000, I did a little research on this and I think is related to actual code, it should not ping the location with a Zend_Http_Client agent. Time to uninstall all add-ons? :D
 

MattW

Well-known member
#17
@eva2000, I did a little research on this and I think is related to actual code, it should not ping the location with a Zend_Http_Client agent. Time to uninstall all add-ons? :D
I don't think it's this add-on for the favicons doing the pings.

The code for it uses google to fetch the favicon via javascript

eg:
http://www.google.com/s2/favicons?domain=mattwservices.co.uk

Code:
XenForo.setFavicons = function(to)
    {
        $(to).each(function(){
            if($(this).has('img').length)
            {
                // skip if the link is an image
                return true;
            }
            $(this).addClass('setFavicon').css(
                "background-image", "url('//www.google.com/s2/favicons?domain=" + this.href + "')"
            );
        });
    }
I know my site is called frequently on TAZ to get the favicon, and I've nothing in my access logs for that agent

Code:
[root@host nginx]# zcat mattwservices.co.uk.log-20140805.gz | grep Zend_Http_Client
[root@host nginx]#
 

RoldanLT

Well-known member
#18
I don't think it's this add-on for the favicons doing the pings.

The code for it uses google to fetch the favicon via javascript

eg:
http://www.google.com/s2/favicons?domain=mattwservices.co.uk

Code:
XenForo.setFavicons = function(to)
    {
        $(to).each(function(){
            if($(this).has('img').length)
            {
                // skip if the link is an image
                return true;
            }
            $(this).addClass('setFavicon').css(
                "background-image", "url('//www.google.com/s2/favicons?domain=" + this.href + "')"
            );
        });
    }
I know my site is called frequently on TAZ to get the favicon, and I've nothing in my access logs for that agent

Code:
[root@host nginx]# zcat mattwservices.co.uk.log-20140805.gz | grep Zend_Http_Client
[root@host nginx]#
They mean Auto Link Title addon of Chris: http://xenforo.com/community/resources/auto-link-titles.2502/

Looks like you are talking about this: http://xenforo.com/community/resources/rellect-favicon-for-links.2525/ @MattW :D