Forum Moderators: open
However, starting on July 1, it requested a fairly obscure product page using the AVG link scanner UA: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) and was promptly redirected to the tiny page I had set up for that purpose.
Then, starting at about 2am yesterday (July 7) till about an hour ago, it has requested the same file 30 times - each time with a completely different user agent, none of them ones I normally allow access to and most I had never seen in this site previously.
Most requests have tripped my normal anti-bot rewrite rules and got 403s, but those that didn't, tripped another rule and were redirected to the tiny page.
Project Honeypot have recorded it accessing honey pots as of a week ago, but have not received any spam as yet.
I'm wondering if they are using our site as some sort of an experiment. Whatever the case, I have now blocked it by IP and suggest others might want to do the same.
inetnum: 92.48.64.0 - 92.48.127.255
netname: UK-POUNDHOST-20071113
descr: PoundHost Internet Services
route: 92.48.64.0/18
Probably just a garden variety scraper running off one of their servers.
I was hit by them on 06/30/2008 and it attempted to crawl the handful of links on my "BAD BOT GO AWAY" page which is how I can tell it was a crawler and not LinkScanner.
So far, from 2am July 7 until a few minutes ago it has requested the same page 57 times, but no others. And it has always received either a 403 or redirection to a page containing nothing but a link to the index page - which it has not attempted to follow.
It has used "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" as UA nine times, and all the rest have been different. It seems to be a sort of Bot encyclopedia attack, as it has so far only used UAs beginning with the letters A-F. I expect as the day progresses it will delve further into the alphabet.
Still seems like an experiment of some sort. Very strange.
