
Website Analytics - Tracking and Logging Forum

    
curious about continuously timed downloads
mintaka




msg:4577469
 4:05 pm on May 24, 2013 (gmt 0)

Hello board,

In my server logs, some suspicious hits caught my attention:

123.125.67.181 - - [23/May/2013:04:04:10 +0200] "GET /xxxx/video1.avi HTTP/1.0" 200 34500 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
220.181.51.218 - - [23/May/2013:04:17:59 +0200] "GET /xxxx/video2.avi HTTP/1.0" 200 34500 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.125.67.181 - - [23/May/2013:04:34:28 +0200] "GET /xxxx/video1.avi HTTP/1.0" 200 16653 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
220.181.51.217 - - [23/May/2013:04:48:19 +0200] "GET /xxxx/video2.avi HTTP/1.0" 200 15180 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.125.67.181 - - [23/May/2013:05:04:48 +0200] "GET /xxxx/video1.avi HTTP/1.0" 200 40020 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
220.181.51.156 - - [23/May/2013:05:18:36 +0200] "GET /xxxx/video2.avi HTTP/1.0" 200 49680 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"


This has been going on for months. As you can see, these IPs hit quite regularly every 1/2 hour. They only download small parts of some media files (video/audio), never do they request the webpage associated with those files - which does not really make sense in this case, and also no other files from this server. The traffic they produce still moves these files to the front in the stats.
All the requests come from a narrow range of IPs located in Beijing, China. ISP: Data Communication Division

First, I suspected some kind of proxy but seeing that they seem to never get the whole file, yet request these files with timed regularity, I guess it's some bot... but for what purpose?

I decided to block the IP ranges:

Deny from 123.125.67.180/31 123.125.67.242/31 220.181.51.155/32 220.181.51.156/31
Deny from 220.181.51.158/32 220.181.51.217/32 220.181.51.218/31 220.181.51.220/32


Does anybody here know of such a thing?

Edit: Beijing, not Hong Kong.
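
One way to surface this pattern from an access log automatically, as an added example that is not part of the original post. The function name, the /24 grouping, the thresholds and the sample lines (documentation-range IPs with the timing of the hits quoted above) are all assumptions made for illustration.

```python
import ipaddress, re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Combined Log Format, the layout of the log lines quoted in the post.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
                    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def find_timed_fetches(lines, min_hits=3, max_jitter=0.05):
    """Map (IPv4 /24, path) -> mean gap in seconds for referer-less timed requests."""
    groups = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["referer"] not in ("", "-"):
            continue  # unparsable, or the request arrived via a page link
        # Assumption: IPv4 clients; a /24 groups the rotating source addresses.
        net = ipaddress.ip_network(m["ip"] + "/24", strict=False)
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        groups[(str(net), m["path"])].append(ts)
    flagged = {}
    for key, stamps in groups.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:  # near-constant interval
            flagged[key] = avg
    return flagged

def _line(ip, hms, path, size, referer="-"):
    return (f'{ip} - - [23/May/2013:{hms} +0200] "GET {path} HTTP/1.0" 200 {size} '
            f'"{referer}" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"')

SAMPLE = [  # constructed: timing mirrors the post, IPs are documentation ranges
    _line("192.0.2.181", "04:04:10", "/xxxx/video1.avi", 34500),
    _line("198.51.100.218", "04:17:59", "/xxxx/video2.avi", 34500),
    _line("192.0.2.181", "04:34:28", "/xxxx/video1.avi", 16653),
    _line("198.51.100.217", "04:48:19", "/xxxx/video2.avi", 15180),
    _line("192.0.2.181", "05:04:48", "/xxxx/video1.avi", 40020),
    _line("198.51.100.156", "05:18:36", "/xxxx/video2.avi", 49680),
    _line("203.0.113.9", "04:20:00", "/xxxx/video1.avi", 734003200, "http://example.com/v1.html"),
    _line("203.0.113.50", "04:00:00", "/xxxx/audio.mp3", 5000),
    _line("203.0.113.50", "04:07:00", "/xxxx/audio.mp3", 5000),
    _line("203.0.113.50", "05:40:00", "/xxxx/audio.mp3", 5000),
]

if __name__ == "__main__":
    print(find_timed_fetches(SAMPLE))
```

Only the two groups that repeat roughly every 30 minutes are reported; the visitor with a referer and the irregular referer-less client are not.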

 

mintaka




msg:4581834
 5:30 pm on Jun 6, 2013 (gmt 0)

UPDATE

Blocking stopped the spook after two days.
