Is “baidu” Japanese for “WTF”?

Several months ago, I virtualized most of the services running on tim.des.no, so www.des.no now runs in a jail and has its own IP.

This morning, I discovered that I had forgotten to stop the Varnish instance that ran on tim.des.no, and that it was still getting traffic. I looked at the logs, and most of it was what you’d expect (attack bots looking for known vulnerabilities in various web servers or apps which I don’t run), but I certainly did not expect this:

119.63.193.56 - - [17/May/2010:17:30:08 +0000] "GET http://tinderbox.des.no/robots.txt HTTP/1.1" 301 280 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"
119.63.193.56 - - [18/May/2010:17:31:31 +0000] "GET http://tinderbox.des.no/robots.txt HTTP/1.1" 301 280 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"
119.63.193.56 - - [19/May/2010:17:34:23 +0000] "GET http://tinderbox.des.no/robots.txt HTTP/1.1" 301 280 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"
119.63.193.56 - - [20/May/2010:17:33:54 +0000] "GET http://tinderbox.des.no/robots.txt HTTP/1.1" 301 280 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"
119.63.193.56 - - [21/May/2010:17:33:43 +0000] "GET http://tinderbox.des.no/robots.txt HTTP/1.1" 301 280 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"
119.63.193.56 - - [22/May/2010:17:34:41 +0000] "GET http://tinderbox.des.no/robots.txt HTTP/1.1" 301 280 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"
119.63.193.56 - - [23/May/2010:17:34:46 +0000] "GET http://tinderbox.des.no/robots.txt HTTP/1.1" 301 280 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"
119.63.193.56 - - [24/May/2010:17:33:39 +0000] "GET http://tinderbox.des.no/robots.txt HTTP/1.1" 301 280 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"
119.63.193.56 - - [25/May/2010:17:34:31 +0000] "GET http://tinderbox.des.no/robots.txt HTTP/1.1" 301 280 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"
119.63.193.56 - - [26/May/2010:17:34:50 +0000] "GET http://tinderbox.des.no/robots.txt HTTP/1.1" 301 280 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"

Not only does tinderbox.des.no no longer point to that machine, it no longer exists. There is no such DNS entry, and there hasn’t been for months, maybe half a year. Apparently, Baidu has its own caching DNS server which is months, if not years, out of date…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.