Question about banned IP

Forum Moderators: open

Message Too Old, No Replies

Question about banned IP

nickgl

8:44 pm on Jan 5, 2008 (gmt 0)

Hi there. I have enjoyed reading this forum for a while and now have a question that i hope others can answer.

We have been seeing aggressive spidering from IPs that trace back to China, such as this one:
123.191.74.**

We use IIS and a couple of weeks ago, we decided to block the whole range associated with this company using the "IP address and domain name restrictions" settings in the Master Properties section of IIS:
123.188.0.0 - 123.191.255.255

I was surprised today to again see traffic to one of our sites from 123.191.74.**. My assumption was that this would not be possible.

Any ideas about why this may be occuring? Is this a case of IP spoofing? How can we track this down?

Thanks in advance for your suggestions.

- Nick

[edited by: volatilegx at 11:05 pm (utc) on Jan. 6, 2008]
[edit reason] obfuscated ip addresses [/edit]

wilderness

11:25 pm on Jan 6, 2008 (gmt 0)

Hello Nick,
Welcome to Webmaster World.

Over the years, there's been very little discussion of IIS in this forum.
I have a couple of links saved, however not sure if they assist you or not.

You might want to check the syntax of the IP range that you used to assure it's functional. (I have no clue what the critera is in IIS for listing IP ranges).

As an aside, the denial of access will not eliminate the requests from the IP range, rather just serve them with a 403 (check your logs).

The liklihood that a request is serving a spoofed IP range and still receiving your website (s) data is very unlikely.

(not sure if korkus is still participating, however I recall this user having quite a grasp on IIS)
[webmasterworld.com...]

The following seems like a forum once dedicate to IIS:
(archive.org link provided to assure link longevity).
[web.archive.org...]

Some more IIS items:
[web.archive.org...]