Welcome to WebmasterWorld Guest from 54.224.203.224

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

curious about continuously timed downloads

     
4:05 pm on May 24, 2013 (gmt 0)

New User

joined:May 24, 2013
posts: 2
votes: 0


Hello board,

In my server logs, some suspicious hits caught my attention:

123.125.67.181 - - [23/May/2013:04:04:10 +0200] "GET /xxxx/video1.avi HTTP/1.0" 200 34500 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
220.181.51.218 - - [23/May/2013:04:17:59 +0200] "GET /xxxx/video2.avi HTTP/1.0" 200 34500 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.125.67.181 - - [23/May/2013:04:34:28 +0200] "GET /xxxx/video1.avi HTTP/1.0" 200 16653 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
220.181.51.217 - - [23/May/2013:04:48:19 +0200] "GET /xxxx/video2.avi HTTP/1.0" 200 15180 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
123.125.67.181 - - [23/May/2013:05:04:48 +0200] "GET /xxxx/video1.avi HTTP/1.0" 200 40020 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
220.181.51.156 - - [23/May/2013:05:18:36 +0200] "GET /xxxx/video2.avi HTTP/1.0" 200 49680 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"


This has been going on for months. As you can see, these IPs hit quite regularly every 1/2 hour. They only download small parts of some media files (video/audio), never do they request the webpage associated with those files - which does not really make sense in this case, and also no other files from this server. The traffic they produce still moves these files to the front in the stats.
All the requests come from a narrow range of IPs located in Beijing, China. ISP: Data Communication Division

First, I suspected some kind of proxy but seeing that they seem to never get the whole file, yet request these files with timed regularity, I guess it's some bot... but for what purpose?

I decided to block the IP ranges:

Deny from 123.125.67.180/31 123.125.67.242/31 220.181.51.155/32 220.181.51.156/31
Deny from 220.181.51.158/32 220.181.51.217/32 220.181.51.218/31 220.181.51.220/32


Does anybody here know of such a thing?

Edit: Beijing, not Hong Kong.
5:30 pm on June 6, 2013 (gmt 0)

New User

joined:May 24, 2013
posts: 2
votes: 0


UPDATE

Blocking stopped the spook after two days.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members