Welcome to WebmasterWorld Guest from 50.16.52.237

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

CHINANET Beijing Province Network hammering my site!

They eat 403s but keeping coming like a mad-dog!

     
10:24 pm on Feb 25, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


Hi,
Log files for just 1 day, various times.

Why do they keep coming?
Cyberwar?
Hold the course?
Thanks,
E

1.202.218.8 - - [25/Feb/2012:02:29:22 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:03:16:23 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:04:44:25 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:05:33:05 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:06:30:51 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:08:19:41 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:08:53:46 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:10:11:50 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:12:04:56 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:12:14:55 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
10:45 pm on Feb 25, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2038
votes: 1


With apologies to Alfred Lord Tennyson:

Ours is not to reason why, Ours is but to do: Deny.
10:55 pm on Feb 25, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


Pfui, is that like pfffff?

ahhh, but don't they get it? are they like a love addict that just won't go away?

I'm going to send them an email and see what they say.

Anyone else?
11:40 pm on Feb 25, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 24, 2002
posts:894
votes: 0


Yep, I'm seeing the same idiot trying over and over again regardless what I throw at it (except content of course)

It used to call itself JikeSpider now it's logged as "Mozilla/5.0 (no closing quotes)and always comes with the same number.
11:58 pm on Feb 25, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


Cyber it is: "U.S. cyber espionage report names China and Russia as main culprits"

"China has set up Project 863"

IP in question listed here: [abovetopsecret.com...]

Nothing I can do but let hammer their numskulls away.

Not sure if I want to email them as I might get spam. person: Hostmaster of Beijing Telecom corporation CHINA TELECOM
nic-hdl: HC55-AP
e-mail: bjnic@bjtelecom.net
address: Beijing Telecom
address: No. 107 XiDan Beidajie, Xicheng District Beijing
phone: +86-010-58503461
fax-no: +86-010-58503054
country: cn
1:37 am on Feb 26, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13264
votes: 362


Very very few spiders react to a 403. It's like a routine shopping list: if the store is out of one item, you don't head straight for the checkout and abandon the rest of the list. Hey, who knows, maybe they'll let me in to the 84th page I ask for.

In fact I've only met one or two robots who seemed to behave differently when they didn't get the expected 403 --for example by arriving from an IP I didn't know about. And I have to say: those are scary. Better to be hit with a bunch of stupid robots than one with a brain. ("Store's out of eggplant, so don't bother about the next six items, which are all the other ingredients for eggplant parmigiana.")
2:06 am on Feb 26, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


I don/t bother using my robot.txt much these days, easier to see where they are coming from, do quick research, and 9 times out of 10, they ain't good, so I just fatten up my htaccess file.
6:31 am on Feb 26, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13264
votes: 362


Ditto. I use robots.txt to say which areas are off limits to everyone all the time. But if there's someone I don't want snuffling around, period, we go straight to the 403. You could probably count on the fingers of one hand the number of undesirable robots that faithfully obey robots.txt. I mean, if they're so polite, why would you want to block them? :)
6:49 am on Feb 26, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


Not to say I don't use robots.txt, just that I scan to see if certain ones are respectful, & most of the time I find the answer here. The others can feel my sting, and as I wrote the initial post here, 1.202.218.8 has hit again. Should I?
8:05 pm on Feb 26, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


They are still pounding away! How do fix my htaccess file so if they come back, to send them somewhere else?
thx
8:22 pm on Feb 26, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


Their getting denied access.

Your not able to prevent the 403's from appearing in your logs (actually you may but its not worth the bother).

Your 403 file is 4243 (4.2kb) which presents no real server load.
You could serve them a more custom (almost empty 403) with 1/20th or less the file size.

Their hitting everybody, not just you.
Let 'em burn themselves out.
8:29 pm on Feb 26, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


Thanks for your note wilderness.

I s'pose it wouldn't do any good to email them? Submit their email to dozens of newsletters? :)

bjnic@bjtelecom.net
8:35 pm on Feb 26, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2038
votes: 1


Any additional denying/rewriting means more server steps, more server log lines, more wasted resources. If you don't care, send them packing to nowhere, a la:

RewriteRule .* http://127.0.0.1/ [L,R=301]

Thing is, they won't care. Best step? Ignore them and move on.

Make content, not war:)

Heck, be glad they're hitting as infrequently as they are. To me, hammering is more like upwards of 10 pages per second, not one or two an hour. THIS is hammering... [webmasterworld.com...]
8:42 pm on Feb 26, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


Thanks Pfui for the reassurance,

I feel better, and thanks for the rule. If I get more hits, I'll try it.
8:49 pm on Feb 26, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


I s'pose it wouldn't do any good


Why waste your time.
They likely only comprehend some obscure dialect of Manchurian anyway ;)
9:04 pm on Feb 26, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


You're right wilderness,

Case closed. Gotta clean-up & prep for supper anyway.

Thanks alot everyone!
1:12 am on Feb 27, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13264
votes: 362


If you don't care, send them packing to nowhere, a la:

RewriteRule .* http://127.0.0.1/ [L,R=301]

I did this for a while before realizing that they don't really go there, because robots have the option of not following redirects. But a 301 takes up even less room than a 403-- and some robots do slow down. (An earlier generation of my Ukrainians did.) Maybe they have to stop and figure out what to do next.

I've also seen the suggestion of redirecting them back to their own IP. Don't know what effect this would have if the source is an infected computer belonging to an unsuspecting human, rather than a genuine robot.
1:46 am on Feb 27, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


Thanks lucy24,

I'll try it. It'll give me a little rush to mess them up.

I presume the IP (127.0.0.1) is a filler for the real one?
3:39 am on Feb 27, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13264
votes: 362


No, 127.0.0.1 means yourself. It's the computer equivalent of contemplating your navel. You can try it by opening a new browser window and putting 127.0.0.1 in the address bar.

Can someone explain in words of two syllables where the "It works!" * comes from? Even Lynx and MSIE 5 say it :)


* Or, to be exact:

<html><body><h1>It works!</h1></body></html>
4:01 am on Feb 27, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


Hmm, I see that 127.0.0.1 means loopback, which is new to me. Duh.
Now I'm lost.
Sorry.
4:04 am on Feb 27, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


Now I'm lost.


Basically, it amounts to null, or "hold the line and I'll get back to you".
4:17 am on Feb 27, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


Now I'm blind...what is null? "hold the line and I'll get back to you". ?

Sorry
4:23 am on Feb 27, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


"what is null?"

Your computer must not have a google search on it ;)
4:34 am on Feb 27, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


ok, thanks, no google around here, but what does that mean? not too familiar with your lingo, just trying to figure out my initial question, lucy sent me something other than Deny from, but can't decipher to well
3:29 pm on Feb 27, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2038
votes: 1


(This thread is starting to remind me of Candid Camera or Punk'd!)

erlandc, you're overdue for some quality DIY time. Rather than expect everyone to explain everything, go to google.com (and/or wikipedia.com) and help yourself:

127.0.0.1
null
loopback
(etc.)

No need to reply;)
3:42 pm on Feb 27, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


I was patient with my students when I taught ballroom, and I know this isn't a classroom, but you get my drift, thanks for your time Pfui
3:49 pm on Feb 27, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


drifts work two ways, however apparently not from your perspective.

Why bother Annie.

Be glad to argue with you all day.
4:13 pm on Feb 27, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


Sure! what's your number? I'm in the mood since the chinese got me all riled up! Plus, I was in '300' and always ready for a battle! :)

Who's Annie? She an orphan? LOL!
4:38 pm on Feb 27, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2038
votes: 1


Who's Annie?


That would be me.
10:34 pm on Feb 27, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 29, 2003
posts: 126
votes: 0


oh, still getting hammered. gonna try figure out with your help & others here to redirect them to the church of satan, so maybe that'll freak them out or convert them
This 73 message thread spans 3 pages: 73