|Rampant of Redmond|
Shivering my Timbers
| 1:51 am on Jan 8, 2014 (gmt 0)|
Be warned, it's cold in WA:
It hit one popular page dozens of times, non-stop, peaking at 12 hits +per second+
No robots.txt, no favicon, no js, nor images, just this frenziedly packing today's access log;
220.127.116.11 - - [07/Jan/2014] "GET /example.htm HTTP/1.1" 200 10522 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
Appears to be genuine MS:
18.104.22.168 - 22.214.171.124 126.96.36.199/14
We're currently directing it to the rubber-room.
| 3:45 am on Jan 10, 2014 (gmt 0)|
That covert M$ UA has been active for years. I safely block it.
| 5:06 am on Jan 10, 2014 (gmt 0)|
KeyP: Thanks, first time it's had a fit on our site. Do you block it on UA or IP range? The UA posted above appears to be legit except for the 64bit WOW64; missing...
| 6:15 am on Jan 10, 2014 (gmt 0)|
Page only? No supporting files? css and js always, midi and piwik.php if it can get them; images only from 199.30.
Not the ordinary plainclothes bingbot, then.
| 7:02 am on Jan 10, 2014 (gmt 0)|
Hence the new thread :)
| 8:16 am on Jan 10, 2014 (gmt 0)|
I do it with a couple filters: if it has that UA *and* comes from that IP *and* asks for... You get the picture.
| 12:52 pm on Jan 10, 2014 (gmt 0)|
Yes, there's a few legitimate bing/msn bots using that IP range/CIDR, but "usually" with a kosher UA, so I'm just directing the specific convulsing IP to a dark-green room.