IP address found in logs today

Forum Moderators: phranque

Message Too Old, No Replies

IP address found in logs today

palmpal

5:23 pm on Dec 14, 2003 (gmt 0)

I was wondering where to find out information about an IP address I found in my logs today. There were 37 referrals from this IP and 106 pages hit. The IP is 211.99.213.18.

I'm new at trying to identify if they are doing something wrong but 106 pages appears to be my entire site. What could they be doing? Apparently the IP is from China.

Advice?

Thanks!

Yidaki

5:44 pm on Dec 14, 2003 (gmt 0)

>What could they be doing?
>Apparently the IP is from China.

They're looking for email addresses to spam.

>Advice?

Block it. And don't just block the one ip but the whole subnet.

211.99.192.0-211.99.223.255

danieljean

12:51 am on Dec 15, 2003 (gmt 0)

That seems a bit extreme... what if it's a legitimate browser, or someone getting a copy of the site for offline browsing?

If you are concerned about spam, do implement some techniques to avoid addresses getting harvested.

monsterhosting

7:16 am on Dec 15, 2003 (gmt 0)

Did you try doing a traceroute on the IP?

You can do one here:

[network-tools.com...]

Jan_Moesen

2:17 pm on Dec 17, 2003 (gmt 0)

It is a terribly broken (spam)bot. It first followed the five links on my homepage, which all lead to Apache-generated directory indexes. Then it requested the links linked from those indexes, but not relative to that directory. For example, it requested /frontpage/, which links to /frontpage/alt-f4/, but it requested /alt-f4/.

I say "(spam)bot" because it also includes a bogus referer: [zzjz.uxiu.com...]

To top things off, it also lowercases the query string, so it requests /frontpage/?m=d instead of /frontpage/?M=D.