What is Indy Library?

Published October 12, 2012

Browsing my logs, I see a bot with the user agent "Mozilla/3.0 (compatible; Indy Library)" doing some pretty interesting things.

It appears to be a distributed bot which dictionary attacks login forms. That is to say, it attempts to hack your site. It's (incorrectly) identified mine as Wordpress, but maybe it attacks other CMSs too.

I have a honeypot set up to make this site look like Wordpress which logs login attempts. You can see the results of this here, the Indy Library bot is the first to take the bait and is currently filling up the data quite quickly (although not excessively).

It's using a whole bunch of different IPs:

217.128.175.91
80.35.16.63
188.13.39.226
64.61.155.42
90.182.73.81
71.224.57.62
212.183.165.15
80.59.98.59
2.112.195.83

But instead of using the IPs, as it identifies itself via user agent, you can block it easily with an .htaccess rule 

RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC]
RewriteRule .* - [F]
Filed under: security

Related posts:

Talk is cheap

Leave a comment:

HTML is not valid. Use:
[url=http://www.google.com]Google[/url] [b]bold[/b] [i]italics[/i] [u]underline[/u] [code]code[/code]

Want a Crossword solver app for Android?

Web development by Asgaard Software

'