Welcome to WebmasterWorld Guest from 18.104.22.168
When I first saw this I thought a member of my forums was running a script to make those pictures display in the "most popular" section of my photo gallery, but now I'm not so sure.
I've dug around in my phpBB and photo gallery database and haven't seen anything conclusive to connect a username and the IP address. Well, I've seen one of my moderators post on this IP address twice only and six months ago, and I think it's very unlikely to be him for a number of reasons. Going by the accesses, it seems to be only one user currently. I'm guessing it's cable, and the IP address stayed the same over several days.
Should I ban this IP address and redirect all accesses by it to a friendly error page saying there's a problem with this IP address and asking any users who see it to contact me?
i first would trace the ip immediatly if this occurs. this could be a dial-up account only. if it's a dial-up account than this is no static ip and it would make no sense to block it because it can expire soon.
i think the only thing you can do is to limit the connections of an ip-adress to a specific number to block traffic misuse on your site.
I suspect it's a static IP as it sometimes resolves via dns to cache1-winn.server.ntli.net [22.214.171.124]
It was down for a few hours last night/this morning, and wouldn't resolve then. Strange that they've left the server pingable.
I'm fairly convinced that this is a unique user either on this address or via a proxy, and that he/she is the only one on this IP since the behaviour is consistent over a whole week. So far my theories have been:
* Dodgy proxy server re-requesting pages it shouldn't be?
* User on this ip/via this proxy doing this.
* User spoofing the IP address.
They are currently changing their proxy names as shown at this location h**p://homepage.ntlworld.com/robin.d.h.walker/cmtips/trancache.html#ntl
The NTL proxies are on and off all the time. I'm on NTL btw :(