Forum Moderators: DixonJones

Strange Military Bot Incessantly Chomping the Same File

notsleepy

4:55 pm on Jun 13, 2003 (gmt 0)

10+ Year Member



This week I noticed that the number one host visiting my site was from bu-wcs1-sand.nipr.mil and it had consumed a large amount of data in a short time.

This looked like a bot so I grep'd the log file for this host and found that it was accessing one large file every two minutes. Since this html file was 150k and could quickly hit my bandwidth limit I denied access to the IP.

When the single file was accessed every two minutes the user-agent was "Mozilla/3.01 (compatible;)".

Once I denied that IP and it tried again and received HTTP 403, one more request was made for a different file and the user-agent was "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" and the request had a referrer from metacrawler.com.

Since that last request I haven't seen any more strange bot-like attempts from that IP or any other .mil IP.

Has anyone else experienced something along these lines from nipr.mil?

choster

8:59 pm on Jun 13, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I believe nipr.mil is a DoD proxy. A Google search on "nipr.mil" turns up many conspiracy theories :).

notsleepy

11:12 pm on Jun 13, 2003 (gmt 0)

10+ Year Member



Yeah, I read those as well, choster, and there were some nutty people commenting on it. :)

I just can't understand why anyone would automate the download of one file over and over.

Mohamed_E

11:56 pm on Jun 13, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> I just can't understand why anyone would automate the download of one file over and over.

Probably because they wrote a buggy program. Now I just can't understand why anyone would write a buggy program :) :)

brotherhood of LAN

6:25 pm on Jun 14, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



> > I just can't understand why anyone would automate the download of one file over and over.

I was testing out CURL and some PHP on a URL, making sure my code works. Some lucky guy's page was my URL ;)

Unusual that the User Agent changed though; how quickly did it change? If they only made one more request, my >guess< says that they're testing changing the UA automatically for when you ban it, i.e. testing a bot.

Either way if they do it too much you can always ban the IP I guess.

notsleepy

3:34 pm on Jun 16, 2003 (gmt 0)

10+ Year Member



brotherhood,

I actually banned the IP the first time. The UA changed within seconds of getting the 403 error.

A couple of days later, another attempt was made by that IP with yet another UA and of course it was denied.

Seconds later a different military IP with the same UA tried and succeeded.

brotherhood of LAN

8:06 pm on Jun 16, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



If the UA changes in seconds I'd ban it; it sounds like the UA changing is automated... sort of like they know it gets banned and that's the reason they change it.
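
The two log patterns discussed in this thread (one host re-fetching the same file on a steady timer, and a User-Agent change within seconds of a 403) can be checked for mechanically. The following is an added example, not code from any poster; it assumes Apache combined log format, and the host names, paths, sizes and timestamps in the sample are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Apache/NCSA "combined" log format (assumed; the thread does not name the server).
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse(lines):
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # skip lines that are not in combined format
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def periodic_fetchers(events, min_hits=4, max_jitter=10.0):
    """(host, path, mean gap in s) for one file re-fetched on a steady timer."""
    stamps = defaultdict(list)
    for e in events:
        stamps[(e["host"], e["path"])].append(e["ts"])
    hits = []
    for (host, path), ts in stamps.items():
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        if len(ts) >= min_hits and pstdev(gaps) <= max_jitter:
            hits.append((host, path, mean(gaps)))
    return hits

def ua_switch_after_403(events, window=60):
    """(host, old UA, new UA) when the request right after a 403 arrives
    within `window` seconds carrying a different User-Agent."""
    last, hits = {}, []
    for e in events:
        p = last.get(e["host"])
        if (p and p["status"] == "403" and p["ua"] != e["ua"]
                and (e["ts"] - p["ts"]).total_seconds() <= window):
            hits.append((e["host"], p["ua"], e["ua"]))
        last[e["host"]] = e
    return hits

# Constructed sample: host, paths, sizes and times are made up; the UA strings are from the thread.
OLD, NEW = "Mozilla/3.01 (compatible;)", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
ROW = '{h} - - [13/Jun/2003:10:{m:02d}:{s:02d} +0000] "GET {p} HTTP/1.0" {c} 1024 "-" "{u}"'
SAMPLE = [ROW.format(h="proxy.example.net", m=2 * i, s=i % 3, p="/big.html", c=200, u=OLD) for i in range(5)]
SAMPLE += [ROW.format(h="proxy.example.net", m=10, s=1, p="/big.html", c=403, u=OLD),
           ROW.format(h="proxy.example.net", m=10, s=9, p="/other.html", c=403, u=NEW),
           ROW.format(h="203.0.113.7", m=3, s=0, p="/index.html", c=200, u=NEW)]
EVENTS = parse(SAMPLE)
```

Because a proxy can front many real users, treat either signal as a prompt to look at the raw lines rather than as proof of a single automated client.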