A once-a minute access doesn't sound like a DOS attack to me, nor should it slow down your server (depending on whatever site-monitor.asp does).

I assume you mean it's coming from your server's IP address, in which case I would ask your web host if they use site-monitoring software that fits this description. Mine does something different but similar in order to monitor the server uptime and possibly contact the webmaster if the server stops responding.

P.S. If you are referring to your personal IP address, then I don't have any suggestions offhand, but that would be weird.

I am referring to my personal IP Address. The only thing that makes sense is he's spoofing my IP which is what led me to consider the possibility of an attack. I agree that once a minute isn't much of an attack. I'm sure I'll make sense of it all eventually. Thanks for your reply.

If I understand you correctly, I would have thought the most likely answer is spyware/virus etc. on your computer. In this case, switch off (or disconnect) your computer for ten minutes and see if it stops.

Kaled.

Hi kaled,

Thanks for your concern and suggestion. The questionable activity stopped late last night. Even though I regularly scan all five computers/servers on my LAN for nasties I did it again and everything here was clean. So I guess this will remain a mystery.

If it was a third party, how would they even know your IP? There are ways of getting it, but it would probably have to be someone you had interacted with, and why bother when they could spoof ANY IP address.

And if it was regular spyware on your network, how would it know about your site and why would it keep hitting that particular URL?

IMO it's relevant that the page is "site-check.asp" and that it appears to exist solely to verify the server is responding (I took a look). Did you create this page yourself or is it Microsoft standard? Do you use (or have you used in the past) any automated tools to monitor your site via this page? Has "adam" hit any other pages?

(BTW, I don't know if you want us to keep pressing the issue, but it's an interesting problem. Reminds me of that kind of horror movie where the police have to inform a terrified teen that they traced the taunting call she just got from a deranged murderer, and it came from somewhere inside her own house! OMG, Get Out Now!)

I agree with all your conclusions and yet there it was. I don't understand it. :)

I've never seen the adam user agent before. It turned up in the automated analysis I do every Sunday morning for the previous week's log files for a project I work on.

I don't know anyone named adam. I haven't angered anyone to the point they'd want to mess with my server. I do have some friends who might pull a practical joke like this. They all know my IP Address. But what fun would a joke be if they never told me about it? Maybe they're waiting for me to mention it.

It'll have to wait though. Hurricane Rita is paying me a visit for the next 24 hours or so. Katrina passed through here about four weeks ago.

The file works with an app I wrote using VB6 and a URL grabber component. It checks that page once a minute and returns the text you obviously saw ;). There's one on all my websites. If it doesn't get a response after three tries my cellphone gets a text message. Eventually I want professional monitoring but this will have to do for now.