I have a new website that gets an average of 3-4 real visits a day, plus numerous legitimate bot (Google, Yahoo, MSN etc.) vists.
Given the low traffic, one "visitor" stands out as unusual.
This visitor identifies itself as:
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"
Each day it visits, starting with a "/" URI, then it fetches another dozen or so pages at the rate of 3-4 per second, clearly faster then a legitimate visitor.
The IP address is different for each visit. The last three visits used the following IP address's:
A check of the IP location etc reveals the following:
18.104.22.168 - UNITED STATES - DATABILITY SOFTWARE SYSTEMS INC - DERU.NET
22.214.171.124 - FRANCE - OPEN WEB SOLUTIONS - SERVERS.OWS.FR
126.96.36.199 - KOREA TELECOM - KORNET.NET
Has anybody else seen this? It looks like the IP adress and botname are false, so how can I block it?
Comments welcomed! If you need further information please ask.