Welcome to WebmasterWorld Guest from 220.127.116.11 , register , free tools , login , search , subscribe , help , library , announcements , recent posts , open posts Subscribe to WebmasterWorld
Problems with a recurring visitor how do I stop him Andy_White msg:904535 2:32 pm on Mar 17, 2003 (gmt 0) Hi,
checking my online logs today I noticed a visitor who is looping through the same cycle of 10 images on one of my sites. The requests are a constant loop, it takes less than a second to loop through and then it starts again. So far today it's thousands of requests.
a sample log entry is :-
www.xxxxxxxxx 18.104.22.168 - - [17/Mar/2003:05:33:16 +0000] "GET /images/pic2.jpg HTTP/1.1" 304 - "http://www.xxxxxxxxx/xxxxxxx.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; YComp 22.214.171.124)"
The return code is a 304 so nothing is being sent but it's impacting response times, so I added in a .htaccess to stop it, but that didn't work (see below) and now it's a 403 with data.
www.xxxxxxxxx 126.96.36.199 - - [17/Mar/2003:13:51:41 +0000] "GET /images/pic5.jpg HTTP/1.1" 403 665 "http://www.xxxxxxxxxxxx/xxxxxxx.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; YComp 188.8.131.52)"
Has anybody got any suggestions (I tried suspendeding the site briefly but it's still coming back.
Gibble msg:904536 2:38 pm on Mar 17, 2003 (gmt 0)
ban that IP address Chris_R msg:904537 2:42 pm on Mar 17, 2003 (gmt 0)
OrgAbuseName: Qwest IP Abuse OrgAbusePhone: +1-703-363-3001 OrgAbuseEmail: email@example.com Andy_White msg:904538 3:41 pm on Mar 17, 2003 (gmt 0)
"ban that IP address"
That's what I did,
I put up an htaccess file with
Allow from all Deny from 184.108.40.206
which is when the return code went from a 304 to a 403.
Regarding the abuse, I think it's more the dump bot has got itself caught in an infinite loop, and I want to break the cycle.
Gibble msg:904539 4:00 pm on Mar 17, 2003 (gmt 0)
block it before the webserver Andy_White msg:904540 4:40 pm on Mar 17, 2003 (gmt 0)
"block it before the webserver"
I run an apache web server with multiple sites.
I've currently got the htaccess file in the "web" directory of this specific site.
Where should I put it to stop it before it gets there?
Gibble msg:904541 5:02 pm on Mar 17, 2003 (gmt 0)
I meant block the IP at a router before the webserver