I have a new website that gets an average of 3-4 real visits a day, plus numerous legitimate bot (Google, Yahoo, MSN etc.) vists.
Given the low traffic, one "visitor" stands out as unusual.
This visitor identifies itself as:
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"
Each day it visits, starting with a "/" URI, then it fetches another dozen or so pages at the rate of 3-4 per second, clearly faster then a legitimate visitor.
The IP address is different for each visit. The last three visits used the following IP address's:
A check of the IP location etc reveals the following:
126.96.36.199 - UNITED STATES - DATABILITY SOFTWARE SYSTEMS INC - DERU.NET
188.8.131.52 - FRANCE - OPEN WEB SOLUTIONS - SERVERS.OWS.FR
184.108.40.206 - KOREA TELECOM - KORNET.NET
Has anybody else seen this? It looks like the IP adress and botname are false, so how can I block it?
Comments welcomed! If you need further information please ask.