
52 requests in about 2 mins...

about 3-4 per second ...

         

caspita

2:21 pm on May 20, 2004 (gmt 0)

10+ Year Member



Hi Everybody,

This week I published a new web site that nobody is visiting so far. I'm still looking for some incoming links but no spiders have been there yet, well .. just Google stopped by the entry page once and last night I saw the MSN robot also stopping by .. a couple of pages only.

But then I noticed something kind of scary .. this IP 63.148.XX.237, which doesn't resolve in a domain lookup, hit my site and did 52 GET requests in less than 2 mins.. it first did a direct request to the domain (no referral) and then it looks like it started to request each page linked to the entry page. The log shows it as if somebody clicked each link.. but 3-4 times per second? ... it looks like it paused for 4-5 secs after each set of hits.

In a lookup for the IP it shows a telecom company, so I cannot get too much info from there...

Could somebody give me some more ideas about how to investigate this further? Should I block access for this IP?

Here are some lines from my log:

PS: As per the TOS I have replaced my domain name in the referrals .. so www*mydomain*com is my domain ;-)

==============================

63.148.XX.237 - - [20/May/2004:05:50:59 -0500] "GET / HTTP/1.1" 200 10725 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:25 -0500] "GET /area/cayman-islands.html HTTP/1.1" 200 11283 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:26 -0500] "GET /region/bermuda.html HTTP/1.1" 200 6084 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:26 -0500] "GET /index.html HTTP/1.1" 200 10728 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:26 -0500] "GET /region/mexico.html HTTP/1.1" 200 7215 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:28 -0500] "GET /resources.html HTTP/1.1" 200 2176 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:28 -0500] "GET /css/site_style.css HTTP/1.1" 200 6458 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:28 -0500] "GET /area/st-barths.html HTTP/1.1" 200 10868 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:31 -0500] "GET /area/st-barths.html HTTP/1.1" 200 10970 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:33 -0500] "GET /region/las-vegas.html HTTP/1.1" 200 7779 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:33 -0500] "GET /region/us-eastern-states.html HTTP/1.1" 200 10009 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:33 -0500] "GET /area/curacao.html HTTP/1.1" 200 10854 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:36 -0500] "GET /area/puerto-rico.html HTTP/1.1" 200 10990 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:36 -0500] "GET /area/grenada.html HTTP/1.1" 200 10917 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
63.148.XX.237 - - [20/May/2004:05:51:36 -0500] "GET /destination/philadelphia-harrisburg-pa/overview.html HTTP/1.1" 200 10093 "http://www*mydomain*com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"

==============================

Thanks,
Carlos.

[edited by: webdiversity at 10:34 pm (utc) on May 21, 2004]
[edit reason] IP addresses amended slightly [/edit]
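
The pattern described in the post above (many GETs from one address within a few seconds, all carrying the entry page as referer) can be checked mechanically over a combined-format access log. This sketch is an added example, not part of the original thread; the sample lines, the documentation-range addresses, `www.example.com` and the window/threshold values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"\S+ \S+ [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def parse(lines):
    """Yield (host, timestamp, referer) for each well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["host"], ts, m["referer"]

def find_bursts(lines, window=10, threshold=8):
    """Report hosts with >= threshold requests inside any `window`-second span."""
    by_host = defaultdict(list)
    for host, ts, referer in parse(lines):
        by_host[host].append((ts, referer))
    report = {}
    for host, hits in by_host.items():
        hits.sort()
        times = [t for t, _ in hits]
        peak = start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            referers = {r for _, r in hits if r != "-"}
            report[host] = {"requests": len(hits),
                            "peak_in_window": peak,
                            "span_seconds": (times[-1] - times[0]).total_seconds(),
                            # one referer for every page: links harvested from a single page
                            "single_referer": len(referers) == 1}
    return report

# Constructed sample: one entry-page hit, then 12 linked pages in 3 seconds, plus a normal visitor
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
FMT = '%s - - [20/May/2004:05:%s -0500] "GET %s HTTP/1.1" 200 9000 "%s" "' + UA + '"'
SAMPLE = [FMT % ("203.0.113.7", "50:59", "/", "-")]
SAMPLE += [FMT % ("203.0.113.7", "51:%02d" % (26 + i // 4), "/page%d.html" % i,
                  "http://www.example.com/") for i in range(12)]
SAMPLE.append(FMT % ("198.51.100.4", "52:10", "/", "-"))

print(find_bursts(SAMPLE))
```
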

rogerd

2:27 pm on May 20, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Looks like Cyveillance from QWEST. A quick search showed some bot complaints, but they don't appear to be hostile.

caspita

2:41 pm on May 20, 2004 (gmt 0)

10+ Year Member



Thanks rogerd!

That is why I love this forum :-) .. I'm reading now about it.

Best regards.

chinacat

2:27 am on Jun 9, 2004 (gmt 0)

10+ Year Member



RogerD,
what do you look at to get clues about the requester, i.e. how did you decide it was Cyveillance from QWEST?

jdMorgan

3:54 am on Jun 9, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



chinacat,

Do a whois lookup [arin.net] on the IP address.

(This lookup link is primarily for U.S. IP address ranges, but it will tell you where to look for others such as RIPE, APNIC, etc.)

Jim

chinacat

3:11 pm on Jun 9, 2004 (gmt 0)

10+ Year Member



Just for the clarification of anyone reading this thread, the IP address that you will see in the initial post is 63.148.XX.237, which is Qwest when you put it into ARIN, but does not say anything about Cyveillance. However, at the bottom of the initial post you will see that the IP address in that post was edited the day after the initial post. The article at [gulker.com...] shows what the IP address was, and if you put the IP address shown in the logs of that article into ARIN, you do see Cyveillance. That's what I was wondering about, RogerD: how you went from the IP address with the XX in it to Cyveillance, but you looked it up before it was edited. I was thinking you knew some arcane pattern in the logs that gave away Cyveillance!