[blog.rayfoo] Infosec, DFIR, tech geekery, thoughts and whatnot

15 Aug 2010

Splunking User Agent strings

Just thought I'd do a quick survey of the kinds of users trying to hit my site, just for the fun of it, heh.

Fired up Splunk to do a quick search over the past 7 days:

index=myblogindex | dedup useragent | fields useragent | sort useragent | format

The resulting search string can easily be copied and massaged further in a text editor (replacing the "in between" separators like " ) OR ( useragent=" with newlines, \n) to get one UA string per line.

I'm pretty interested still (as always) to see how easy it is to profile/"follow" an individual user due to the uniqueness of each OS-browser's useragent (UA) string, but that's another story for another exercise, another day...

Here're some of the more interesting UA strings and analyses. And these were harvested only over a span of 7 days!

BlackBerry9530/5.0.0.732 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/105

SonyEricssonC905/R1FA Browser/NetFront/3.4 Profile/MIDP-2.1 Configuration/CLDC-1.1 JavaPlatform/JP-8.4.3

T-Mobile Dash Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone; 320x240;) MSNBOT-MOBILE/1.1 (+http://search.msn.com/msnbot.htm)

Love it when I see mobile browsers' UA strings, wonder how much further could I dig into them in the future...

Flight Deck Bot 1.3 beta (http://www.flightdeckreports.com/bot)

Flight Deck's a game that I recently restarted my tactics experiments with, wonder how exactly they hit my site? No referrers sent with the requests, but I suspect they came via Twitter. Or was it even the same Flight Deck site? Too lazy to dig further for now :P

Mozilla/4.0 (PSP (PlayStation Portable); 2.00)

PSP...?

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; sbcydsl 3.12; YComp 5.0.0.0; YPC 3.2.0; FunWebProducts; .NET CLR 1.1.4322; ZangoToolbar 4.8.2; yplus 5.1.04b)

Interesting to see how many people have installed adware/spyware like FunWebProducts. There are other examples in my logs too of such malware that modifies the UA string, which makes it possible to do detection and gather statistics on perimeter devices like IDSes...

Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1_2 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Mobile/7D11

Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1_3 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Mobile/7E18

Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Mobile/8A306

Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7

Mozilla/5.0 (iPod; U; CPU iPhone OS 3_1_3 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7E18 Safari/528.16

Mozilla/5.0 (iPod; U; CPU iPhone OS 3_1_3 like Mac OS X; nl-nl) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7E18 Safari/528.16

iPhones/iPods/iWhatNot. OS AND browser versions all revealed! Now, how about some "automatic" "jailbreaking"? Heh heh heh...not!

SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)

Googlebot using SAMSUNG phones?! Either Google has some wicked architecture to incorporate mobile phones as crawlers, or this is a very confused bot ;)

Wget/1.12 (linux-gnu)

Wget/1.9+cvs-stable (Red Hat modified)

curl/7.18.2 (i386-pc-win32) libcurl/7.18.2 zlib/1.2.3

curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3

When you see your site being accessed by programs like wget and curl, and the source isn't Amazon's AWS (use Splunk's lookup dnslookup clientip to find out the clienthost name), it's a very safe bet that they're zombies: compromised user computers that are part of a botnet. The clienthost names and the many different IP addresses would confirm that they're zombies.
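As an added example (my own script, not code from the original post), here is a small Python script that does the text-editor massaging and the sorting-into-buckets above automatically: it parses the "| format" output into individual UA strings and tags each one as a CLI tool, an adware-modified browser, a crawler or a mobile browser, using markers taken from the strings quoted in this post. The sample "format" output, the category names, the hostname map and the ".amazonaws.com" reverse-DNS suffix check are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample of what Splunk's "format" command emits for the search in the post,
# using a few of the UA strings quoted above (real output is one long line like this).
FORMAT_OUTPUT = (
    '( ( useragent="Flight Deck Bot 1.3 beta (http://www.flightdeckreports.com/bot)" ) OR '
    '( useragent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; '
    'ZangoToolbar 4.8.2; yplus 5.1.04b)" ) OR '
    '( useragent="Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) '
    'AppleWebKit/532.9 (KHTML, like Gecko) Mobile/8A306" ) OR '
    '( useragent="SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 '
    '(GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)" ) OR '
    '( useragent="Wget/1.12 (linux-gnu)" ) OR '
    '( useragent="curl/7.19.6 (i386-pc-win32) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3" ) )'
)

# "format" wraps each value as useragent="..." and backslash-escapes any embedded quotes.
_VALUE_RE = re.compile(r'useragent="((?:[^"\\]|\\.)*)"')

def parse_format_output(text):
    """Return the UA strings from a "| format" result, unescaped, in the order given."""
    return [re.sub(r"\\(.)", r"\1", m) for m in _VALUE_RE.findall(text)]

# Ordered rules, first match wins (a crawler that also says "MIDP" stays a crawler).
# Markers are taken from the strings in the post; the category names are this example's own.
_RULES = [
    ("cli-tool", re.compile(r"^(?:wget|curl)/", re.I)),
    ("adware", re.compile(r"FunWebProducts|ZangoToolbar|yplus|YComp", re.I)),
    ("crawler", re.compile(r"bot\b|crawler|spider", re.I)),
    ("mobile", re.compile(r"iPhone|iPod|BlackBerry|MIDP|Windows CE|PSP|SonyEricsson", re.I)),
]

def classify(ua, clienthost=None):
    """Label one UA string. A CLI tool is "suspect-cli" unless the reverse-DNS name
    (what "lookup dnslookup clientip" gives you) is an AWS host; assumed suffix check."""
    for label, rx in _RULES:
        if rx.search(ua):
            if label == "cli-tool" and not (clienthost or "").endswith(".amazonaws.com"):
                return "suspect-cli"
            return label
    return "desktop-browser"

def survey(text, hosts=None):
    """Parse a "| format" blob and tally categories; hosts maps UA -> reverse-DNS name."""
    hosts = hosts or {}
    labels = {ua: classify(ua, hosts.get(ua)) for ua in parse_format_output(text)}
    return labels, Counter(labels.values())
```

Calling survey(FORMAT_OUTPUT) returns the per-UA labels plus a Counter of how many hits fell into each bucket; pass a hosts map built from the dnslookup results to separate AWS-hosted fetchers from the rest.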

Well, that's all for today folks! Feel free to comment/discuss below :)

11 Aug 2010

Pig Rabbit

It has finally arrived!

Wife had been pretty crazy about (I mean, really liked) the show You're Beautiful, so as a surprise present... :)

Got it from YesAsia online, the delivery was delayed, but at least it got here.

She went totally nuts when she saw it eh :D

Glad it turned out well...heh.

The iPhone has no slot available for the mobile strap, so it goes on the bag...

8 Aug 2010

Spiritual Gifts: From one God, for the one Body

From 1 Corinthians 12:

All who declare that "Jesus is Lord!" have the Spirit in them. And it is the Spirit that gives different gifts to different believers as he pleases (hence the term spiritual gifts). These gifts could also be used outside the church (e.g. skills, character), but they are primarily meant to be exercised for the common good of the church. Since the source and goal of the gifts are the same for all, the gifts do not determine the value of any individual believer.

Every believer is put in a different position within the church for a different function, just as the body has different parts with different functions. Every part of the body is important; likewise, every believer within the church is important. And just as in the body every member's suffering and wellbeing is linked with the others', the members of the church are also meant to be such that when one rejoices, everyone rejoices together, and vice versa.

The point of the God-given gift(s) cannot be the pride/glory of the individual; rather, they must always be seen as something to be used for the good of the whole family, with each person having his/her equally important place within the whole.