Zend_Http_Client agent?

[Floren]

Is been few days this agent is hitting my site... I block it today:

# grep Zend_Http_Client /var/log/nginx/localhost.access.log | tail
173.230.147.144 - - [04/Aug/2014:06:09:38 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:02:46 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:02:47 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:13:04 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:13:06 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:16:29 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:16:31 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:09:39 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:19:59 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:19:58 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"

# dig -x 173.230.147.144 +short
li157-144.members.linode.com.

Any idea who is using this agent? The IP is from linode.com.

 

[MattW]

Is been few days this agent is hitting my site... I block it today:

# grep Zend_Http_Client /var/log/nginx/localhost.access.log | tail
173.230.147.144 - - [04/Aug/2014:06:09:38 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:02:46 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:02:47 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:13:04 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:13:06 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:16:29 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:16:31 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:09:39 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:19:59 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:06:19:58 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"

# dig -x 173.230.147.144 +short
li157-144.members.linode.com.

Any idea who is using this agent? The IP is from linode.com.

PING community.centminmod.com (173.230.147.144) 56(84) bytes of data.
64 bytes from li157-144.members.linode.com (173.230.147.144): icmp_req=1 ttl=55 time=316 ms
64 bytes from li157-144.members.linode.com (173.230.147.144): icmp_req=2 ttl=55 time=320 ms
64 bytes from li157-144.members.linode.com (173.230.147.144): icmp_req=3 ttl=55 time=312 ms
^C
--- community.centminmod.com ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3003ms
rtt min/avg/max/mdev = 312.893/316.586/320.106/2.947 ms

 

[Floren]

@eva2000, really?
How did you ping the site to show that agent?

 

[MattW]

@eva2000, really?
How did you ping the site to show that agent?

I didn't. I remember seeing the thread on there linking back to your site about the release of BoringSSL
https://community.centminmod.com/threads/boringssl-released.599/

 

[MattW]

@eva2000 - you should set up the Reverse DNS entry in the Linode control panel for your VPS

 

[eva2000]

WT*** Zend_Http_Client = XF related no idea how that happened ?? XF has ping back ?

@eva2000 - you should set up the Reverse DNS entry in the Linode control panel for your VPS
View attachment 79616

ah Linode newb .. just did it ~24hrs to take effect

 

[rdn]

Probably Proxy Link.

 

[Floren]

Probably Proxy Link.

Well, it stopped:

# grep Zend_Http_Client /var/log/nginx/localhost.access.log | tail
173.230.147.144 - - [04/Aug/2014:08:31:31 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:31:32 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:36:08 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:36:10 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:53:20 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:53:21 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:56:46 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:56:48 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:17:45 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:17:47 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"

I still want to know how @eva2000 did the pings. A quick Google search shows that other people have similar issues... Anyways, if a Zend_Http_Client agent tries to access AXIVO site, it will be welcomed with a 403.

[04/Aug/2014:08:17:45 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"

@Mike, @Kier, is this a normal behavior?

 

[eva2000]

no idea. all I did was install XF

 

[Floren]

no idea. all I did was install XF

Do you get any pings on your logs from Zend_Http_Client? I'm wondering if I should 403 it... @Mike?

 

[rdn]

Well, it stopped:

# grep Zend_Http_Client /var/log/nginx/localhost.access.log | tail
173.230.147.144 - - [04/Aug/2014:08:31:31 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:31:32 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:36:08 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:36:10 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:53:20 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:53:21 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:56:46 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:07:56:48 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:17:45 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"
173.230.147.144 - - [04/Aug/2014:08:17:47 -0400] "-" GET /articles/boringssl-released.20/ HTTP/1.1 "403" 369 "-" "Zend_Http_Client" "-" "1.59"

I still want to know how @eva2000 did the pings. A quick Google search shows that other people have similar issues... Anyways, if a Zend_Http_Client agent tries to access AXIVO site, it will be welcomed with a 403.

@Mike, @Kier, is this a normal behavior?

Maybe it will trigger a ping when a user browse @eva2000 forum thread and click on the link redirected to your article.


Edit: I just click the link on this post: https://community.centminmod.com/threads/boringssl-released.599/
5 times

 

[Floren]

Thanks for the test @RoldanLT, but no since yesterday I have no more pings like the previous one I posted from @eva2000's forums. @Mike the new online indicator is great.

 

[eva2000]

ah i think it might be related to an addon I installed on my forums http://xenforo.com/community/resources/auto-link-titles.2502/ as it just happened for my own forums when i posted a link in my own forum thread to another link on my forums

 

[Floren]

@eva2000, I did a little research on this and I think is related to actual code, it should not ping the location with a Zend_Http_Client agent. Time to uninstall all add-ons?

 

[eva2000]

@eva2000, I did a little research on this and I think is related to actual code, it should not ping the location with a Zend_Http_Client agent. Time to uninstall all add-ons?

nooooOOO i like the 110+ addons i have installed

 

[rdn]

nooooOOO i like the 110+ addons i have installed

What! Hahahaah
Just like trying to broke XenForo?

 

[MattW]

@eva2000, I did a little research on this and I think is related to actual code, it should not ping the location with a Zend_Http_Client agent. Time to uninstall all add-ons?

I don't think it's this add-on for the favicons doing the pings.

The code for it uses google to fetch the favicon via javascript

eg:
http://www.google.com/s2/favicons?domain=mattwservices.co.uk

XenForo.setFavicons = function(to)
    {
        $(to).each(function(){
            if($(this).has('img').length)
            {
                // skip if the link is an image
                return true;
            }
            $(this).addClass('setFavicon').css(
                "background-image", "url('//www.google.com/s2/favicons?domain=" + this.href + "')"
            );
        });
    }

I know my site is called frequently on TAZ to get the favicon, and I've nothing in my access logs for that agent

[root@host nginx]# zcat mattwservices.co.uk.log-20140805.gz | grep Zend_Http_Client
[root@host nginx]#

 

[rdn]

I don't think it's this add-on for the favicons doing the pings.

The code for it uses google to fetch the favicon via javascript

eg:
http://www.google.com/s2/favicons?domain=mattwservices.co.uk

XenForo.setFavicons = function(to)
    {
        $(to).each(function(){
            if($(this).has('img').length)
            {
                // skip if the link is an image
                return true;
            }
            $(this).addClass('setFavicon').css(
                "background-image", "url('//www.google.com/s2/favicons?domain=" + this.href + "')"
            );
        });
    }

I know my site is called frequently on TAZ to get the favicon, and I've nothing in my access logs for that agent

[root@host nginx]# zcat mattwservices.co.uk.log-20140805.gz | grep Zend_Http_Client
[root@host nginx]#

They mean Auto Link Title addon of Chris: http://xenforo.com/community/resources/auto-link-titles.2502/

Looks like you are talking about this: http://xenforo.com/community/resources/rellect-favicon-for-links.2525/ @MattW

 

[MattW]

They mean Auto Link Title addon of Chris: http://xenforo.com/community/resources/auto-link-titles.2502/

Looks like you are talking about this: http://xenforo.com/community/resources/rellect-favicon-for-links.2525/ @MattW

Ah! OK then, wasn't sure which of his 110 addons was being questioned