Restrict access to website from spambots and strange visitors

  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Hi

I have hosted my site (VB KnowledgeBase). I am getting a few thousand visitors per month.
In the last few weeks I have been getting some strange visits (no referrals, and 10, 20 visits per minute) like

1) From the same IP with different user agents,
2) Different IPs using the same user agent.

Please advise me: how can I identify these kinds of unwanted visits?

In case 1, I don't know whether, if I restrict the IP, it will be assigned to some other user who is a real visitor.

In case 2, the same kind of user agent may be used by several visitors, so I can't restrict by that either.

Thanks in advance
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

What else do you see in your log files? Do you see any attempts to run scripts to break the site? Have you run a whois on the IP addresses? Post a few of them here if you don't know how to do that. I can tell you where they are located and who owns that block. You can contact them before you start blocking any addresses.
  • penguin
  • Flying penguins
  • Banned
  • Posts: 1647
  • Loc: Behind you !

Post 3+ Months Ago

Actually no, you can't, Don. What if they are using a fake IP (spoofing / bouncing, etc.)?

With that many hits you're being bot attacked, lmao. Sounds like that's coming from a few different people or maybe one person.

Post your logs on here :P
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Penguin: Contacting the owners of the IP may help determine if someone's machine is being used as a zombie or not.
  • penguin
  • Flying penguins
  • Banned
  • Posts: 1647
  • Loc: Behind you !

Post 3+ Months Ago

Sorry, I just thought: yes, botnets :P I read this wrong. People are probably being slaved without knowing.
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Hi Penguin

As per my analysis, I can say that the visits are most likely from a bot, not a visitor.
1) Fake IPs
2) Fake user agents.

My question is: if the above are assumed, what do I need to do?

I am extracting the logs and highlighting the analysis now. I will be sending them soon.
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Hi Penguin and Don
Please find the sample of the visits in the last week:
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.1; SV1; .NET CLR 2.0.10727) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:25 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.40707) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:25 AM
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 4.1; SV1; .NET CLR 2.0.80777) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:25 AM
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 4.1; SV1; .NET CLR 2.0.20737) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:25 PM


Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.1; SV1; .NET CLR 2.0.00777) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:14 PM
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 4.1; SV1; .NET CLR 2.0.80727) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:14 PM
Mozilla/4.0 (compatible; MSIE 4.0; Windows NT 4.1; SV1; .NET CLR 2.0.20757) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:14 PM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.20707) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:14 PM
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.60717) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:14 PM


Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 58.22.101.123 CHINA GUEST 3/23/08 9:57 PM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 58.22.101.123 CHINA GUEST 3/23/08 9:57 PM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.00757) 72.232.137.122 UNITED STATES GUEST 3/23/08 10:02 PM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.70717) 72.232.137.122 UNITED STATES GUEST 3/23/08 10:02 PM
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.10757) 72.232.137.122 UNITED STATES GUEST 3/23/08 10:02 PM
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.1; SV1; .NET CLR 2.0.00717) 72.232.137.122 UNITED STATES GUEST 3/23/08 10:02 PM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.1; SV1; .NET CLR 2.0.60757) 72.232.137.122 UNITED STATES GUEST 3/23/08 10:02 PM


Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 4.1; SV1; .NET CLR 2.0.30757) 209.160.73.156 UNITED STATES GUEST 3/24/08 6:29 AM
Mozilla/4.0 (compatible; MSIE 4.0; Windows NT 4.1; SV1; .NET CLR 2.0.40777) 209.160.73.156 UNITED STATES GUEST 3/24/08 6:29 AM
Mozilla/4.0 (compatible; MSIE 4.0; Windows NT 4.1; SV1; .NET CLR 2.0.30737) 209.160.73.156 UNITED STATES GUEST 3/24/08 6:29 AM
Mozilla/4.0 (compatible; MSIE 4.0; Windows NT 4.1; SV1; .NET CLR 2.0.30727) 209.160.73.156 UNITED STATES GUEST 3/24/08 6:29 AM
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.40777) 209.160.73.156 UNITED STATES GUEST 3/24/08 6:29 AM



Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:06 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:06 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 189.4.217.69 GUEST 3/26/08 6:09 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 61.34.82.141 KOREA REPUBLIC OF GUEST 3/26/08 6:11 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 59.94.76.147 INDIA GUEST 3/26/08 6:11 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.27.129.169 BRAZIL GUEST 3/26/08 6:12 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 189.4.217.69 GUEST 3/26/08 6:13 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 71.241.178.207 UNITED STATES GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 210.89.50.69 GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 61.180.239.250 CHINA GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.83.194.16 BRAZIL GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 61.180.239.250 CHINA GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 220.224.200.134 INDIA GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 220.224.200.134 INDIA GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 71.241.178.207 UNITED STATES GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 222.47.88.14 CHINA GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 189.4.217.69 GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 91.74.160.18 GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 218.21.251.153 CHINA GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 218.21.251.153 CHINA GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 124.154.64.57 JAPAN GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 207.72.66.5 UNITED STATES GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 124.22.90.173 GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 70.236.93.199 UNITED STATES GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 62.80.37.53 GERMANY GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.83.194.16 BRAZIL GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.80.67.165 BRAZIL GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 62.80.37.53 GERMANY GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 123.201.120.81 GUEST 3/26/08 6:17 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 59.94.76.147 INDIA GUEST 3/26/08 6:17 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 60.208.76.60 CHINA GUEST 3/26/08 6:17 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 59.94.76.147 INDIA GUEST 3/26/08 6:18 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 61.17.161.249 INDIA GUEST 3/26/08 6:19 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 59.94.76.147 INDIA GUEST 3/26/08 6:19 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.80.67.165 BRAZIL GUEST 3/26/08 6:19 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.80.67.165 BRAZIL GUEST 3/26/08 6:19 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 91.74.160.18 GUEST 3/26/08 6:19 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.83.169.3 BRAZIL GUEST 3/26/08 6:20 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 61.17.161.249 INDIA GUEST 3/26/08 6:22 AM
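
Added example, not part of any post in this thread: Python that parses lines in the layout of the sample above and flags addresses by per-minute behaviour rather than by user agent alone. The sample lines are constructed (documentation-range addresses), the thresholds are assumptions (10 hits per minute is taken from the "10, 20 visits per minute" in the first post), and the "Windows NT 4.1" check is an assumed heuristic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout used in the thread: <user agent> <IP> [COUNTRY] GUEST <m/d/yy h:mm AM|PM>
LINE_RE = re.compile(
    r"^(?P<ua>.+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?:(?P<country>[A-Z ]+?) )?GUEST "
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2} [AP]M)$"
)
# Assumed heuristic: no Windows release identifies itself as "Windows NT 4.1".
IMPLAUSIBLE = re.compile(r"Windows NT 4\.1\b")

IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
# Constructed sample; the addresses come from the RFC 5737 documentation ranges.
SAMPLE = [
    "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.1; SV1; .NET CLR 2.0.10727) 192.0.2.10 UNITED STATES GUEST 3/23/08 12:25 AM",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.40707) 192.0.2.10 UNITED STATES GUEST 3/23/08 12:25 AM",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 4.1; SV1; .NET CLR 2.0.20737) 192.0.2.10 UNITED STATES GUEST 3/23/08 12:25 AM",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 192.0.2.10 UNITED STATES GUEST 3/23/08 12:25 AM",
    "-- not a request line --",
    IE6 + " 203.0.113.1 KOREA REPUBLIC OF GUEST 3/26/08 6:11 AM",
    IE6 + " 203.0.113.2 INDIA GUEST 3/26/08 6:11 AM",
    IE6 + " 203.0.113.3 GUEST 3/26/08 6:13 AM",
    IE6 + " 203.0.113.4 BRAZIL GUEST 3/26/08 6:14 AM",
] + [IE6 + " 198.51.100.7 ITALY GUEST 3/26/08 6:07 AM"] * 12


def parse(lines):
    """Yield (user_agent, ip, minute) for each line that fits the layout."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # anything else (headers, blank lines) is skipped
            minute = datetime.strptime(m["ts"], "%m/%d/%y %I:%M %p")
            yield m["ua"], m["ip"], minute


def score_clients(lines, max_uas=3, max_hits=10):
    """Return {ip: [reasons]} for addresses that look automated.

    The log has one-minute resolution, so the window is one minute.
    """
    per_ip_minute = defaultdict(list)
    for ua, ip, minute in parse(lines):
        per_ip_minute[(ip, minute)].append(ua)

    findings = defaultdict(set)
    for (ip, _minute), uas in per_ip_minute.items():
        if len(set(uas)) >= max_uas:      # case 1: one IP, rotating user agents
            findings[ip].add("ua-rotation")
        if len(uas) >= max_hits:          # request rate no person produces
            findings[ip].add("burst")
        if any(IMPLAUSIBLE.search(ua) for ua in uas):
            findings[ip].add("implausible-ua")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}


def shared_agents(lines, min_ips=5):
    """Case 2: user agents seen from many addresses.

    A common browser string is shared by real visitors too, so this is
    reported for manual review only and never used to block on its own.
    """
    ips_by_ua = defaultdict(set)
    for ua, ip, _minute in parse(lines):
        ips_by_ua[ua].add(ip)
    return {ua: len(ips) for ua, ips in ips_by_ua.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    for ip, reasons in score_clients(SAMPLE).items():
        print(ip, ", ".join(reasons))
    print(shared_agents(SAMPLE))
```
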
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Hi Don and Penguin

Thanks for the reply.
As per your advice I have taken 84.221.134.157 and done an IP whois lookup, and wrote to them to find out what the intention of the visits is.

Let me see how it goes.

However, please assist me in figuring it out with some rules. As I am a developer I can just write something to block them at page level. At least I can stop the duplicating of the content.
At the same time I don't want to block a genuine visitor who is really visiting the site.

Thanks in advance
  • penguin
  • Flying penguins
  • Banned
  • Posts: 1647
  • Loc: Behind you !

Post 3+ Months Ago

Block 84.221.134 and 72.232.137.122 if you have not already.

I'm going to take some time to see if I can find the source of this for you (where they are coming from).

Is your site offline because of the sheer amount of bots hitting your site? I have a feeling I know what this guy is using but it's not wise to post it on the site. I will contact you via PM.
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Below are the whois outputs for 3 of the IP addresses in question. Each of them has contact information which occasionally gets answered the way we would like. I can do the rest of them and PM the results to you. They are easy to do from my Unix box. I didn't want to use a lot of space here.

Are the hits causing a DOS to your site?

queyosepa# whois 72.232.137.122

OrgName: Layered Technologies, Inc.
OrgID: LAYER-3
Address: 5085 W Park Blvd
Address: Suite 700
City: Plano
StateProv: TX
PostalCode: 75093
Country: US
Comment: abuse@layeredtech.com

_____________________________

queyosepa# whois 84.221.134.157

inetnum: 84.220.0.0 - 84.221.255.255
netname: TISCALINET
descr: Tiscali Italia SpA
descr: PROVIDER
country: IT
admin-c: RC524-RIPE
admin-c: FP1849-RIPE
admin-c: FB2233-RIPE
tech-c: TI335-RIPE
rev-srv: ns.tiscalinet.it
rev-srv: sns.tiscali.it
remarks: ADSL dial-up customers
remarks:
remarks: Send trouble queries or problems to noc@it.tiscali.com

role: Tiscali IT
address: Tiscali Italia S.p.A.
address: SS 195 Km 2.300
address: localita Sa Illetta
address: 09122 - Cagliari
address: Italy
phone: +39 070 46011
fax-no: +39 070 4601400
______________________________
queyosepa# whois 58.22.101.123

route: 58.22.0.0/15
descr: CNCGroup FuJian province network
country: CN
origin: AS9929
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20050504
changed: hm-changed@apnic.net 20050504
changed: hm-changed@apnic.net 20050504
source: APNIC

person: FU ZHOU
nic-hdl: FZ165-AP
e-mail: chenjie2@china-netcom.com
address: Fuzhou city, Fujian province, China
phone: +86-591-28363728
fax-no: +86-591-28363716
country: CN
changed: chenmin_deletethispart_@china-netcom.com 20060509
mnt-by: MAINT-CNCGROUP-FJ
source: APNIC
  • penguin
  • Flying penguins
  • Banned
  • Posts: 1647
  • Loc: Behind you !

Post 3+ Months Ago

I think they are, Don. That's why his website is down. You look them up; I think I have an idea. Post the other IPs that you think are in question. I'm going to find out exactly what they are using.
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Penguin, I sent you some whois information on more of those IPs. I didn't want to post it here since the output is quite long. If you think the rest of the whois will be helpful, I'll do the rest. It's hard to tell who is bouncing off of what.

Pons_saravanan: I'll send a copy to you as well. Do your log files show any attempted scripts? That would help in deciding who is real and who is not.

Don't forget that a person might visit a site, such as yours and leave in less than a minute if they feel it's beyond their scope.
  • penguin
  • Flying penguins
  • Banned
  • Posts: 1647
  • Loc: Behind you !

Post 3+ Months Ago

At that rate of time, I think we are looking at bots, and possibly other programmes being used. I looked at some of the IPs via PM: some interesting results.

Thanks for the information, Don2007.

Pons_saravanan: Could you please answer me this: does your website go offline on a regular basis?
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Hi Penguin

Penguin: I think my site did not go offline, since I am checking my logs every day.
I don't know how to deny access via htaccess, so I had requested my shared hosting support to assist me. However, I did not see any attempts after 26th March.

Don: I understand that, but when I am looking into the logs the user agent information for some entries is the same while the IP is different. That looks like someone is using fake IPs and fake user agents. (I am looking into my system logs for any script injection. I know what you are thinking, but see my suspicion at the bottom of this reply.)

My other fear is that they might be trying to steal my content. It happened to me earlier.

The article written by me in ezine (original):
http://www.ezinearticles.com/?Visual-Ba ... &id=653156

(duplicates)
http://www.shop1online.info/2007/12/26/ ... r-content/

http://www.future-technology.info/compu ... r-content/

The above are just samples.
Try Google with
http://www.google.com.sg/search?hl=en&q ... tent&meta=

Thanks
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Hi Don and Penguin
Thank you very much for both of your efforts.

Don: As per your advice, I have checked my site logs and I am able to conclude that there were some attempts to inject scripts via the userid text box.

Several attempts like the following (around 10):

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$txtUserId="hi @ 3/26/2008 6:10:51 AM

So on 26th March a bot or a program tried to inject some scripts via any controls which allow user entry. I have only one form available to enter text before clicking a button (that is the userId text box).

Don and Penguin,

It seems like I can't figure out any rules associated with these attempts. If I am able to do it then I can automatically filter them out by writing some code. I hope there should be some way to find these.
  • penguin
  • Flying penguins
  • Banned
  • Posts: 1647
  • Loc: Behind you !

Post 3+ Months Ago

Slightly off topic: is your website protected against SQL injections?
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Yes, it is, but I am logging all the attempts, and I have already restricted the IPs (by raising a ticket with my host provider).

Sadly I don't have the rights to use .htaccess. Are there any alternatives?
  • penguin
  • Flying penguins
  • Banned
  • Posts: 1647
  • Loc: Behind you !

Post 3+ Months Ago

Why do you not have the rights? And has your host restricted all those IPs?
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Hi Penguin

First, my site is hosted on IIS and developed using ASP.NET, so I cannot use htaccess. And my host has banned those IPs. I have requested.
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

It looks like you are going to be sending a lot of requests to them but do what you have to do.
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

OK

Now the first level of denying access is not at all possible. At least I can deny the bad bots (duplicating content) by writing some code in ASP.NET.

Don & Penguin,
Based on your experience, please assist me in figuring out some rules so that I can implement them using ASP.NET if possible.

If not, it is going to be a painful process, as Don said.
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

ASP is beyond my scope. Maybe penguin can help you on that or start a thread in the coding section.
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

I think my question was not clear enough. I just wanted to figure out how to identify the attempts.
For example:
1) If the attempts are from the same IP we may ban the IP address, but at the same time we should ensure that the IP is static, or else in the next few days the same IP can be allocated to someone who may be a real visitor. If fake IPs are used, then the IP we are banning may affect the visits from the one to whom it is actually assigned.

I need these kinds of combinations so that I can just code based on the above rules.

Thank you very much, Don and Penguin
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

I understand what you're asking now and the answer depends on how complete your log files are. For example, I know someone who has a web site which is just text and jpegs. No scripting is used. His log files were showing PHP scripts that were being run against his site in an attempt to compromise the site.

Do your log files show attempts such as those?
  • penguin
  • Flying penguins
  • Banned
  • Posts: 1647
  • Loc: Behind you !

Post 3+ Months Ago

Sorry about my delay in helping. Right, like Don has asked, does it show any kind of scripts like that?

If so please post your log file... or send a copy to myself and Don :P
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Hi Don and Penguin

Thank you for your help. I was sick and unable to concentrate on the site for the past few weeks.

I will send logs to both of you by PM.

I've just decided to have a database table with all the bots, and I am going to have a flag to identify each as a bad bot or a known bot (Google, Yahoo, MSN, etc.). If it is a bad bot then I am going to deny it. (I will check the whois for the IP before adding the entry to my table.) Whenever a page is requested the system will check whether it is entered as a bad bot in the table. If it is a bad bot then the system will deny access to the page.

Currently, from your suggestions and advice, I am able to conclude that denying access by user agent is a little bit difficult (due to fake user agents), so I have decided to ban by IP address as a start.

I know that some bad bots are using fake IPs. Will it be possible to identify them?

Please give your suggestions.
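
Added example, not the poster's code: the flag table described in the post above, with one change that addresses the dynamic-address concern raised earlier in the thread: a "bad" entry carries an expiry, so a reassigned address is not blocked forever. Python with an in-memory SQLite table stands in for the site's ASP.NET and database; the table name, column names, function names and the 24-hour default are all hypothetical.

```python
import sqlite3
from datetime import datetime, timedelta


def open_store():
    """Create the flag table: one row per address, 'known' or 'bad'."""
    db = sqlite3.connect(":memory:")
    db.execute(
        """CREATE TABLE client_flags (
               ip         TEXT PRIMARY KEY,
               kind       TEXT NOT NULL CHECK (kind IN ('known', 'bad')),
               expires_at TEXT          -- NULL for 'known' entries
           )"""
    )
    return db


def _stamp(moment):
    # Fixed-width ISO text so string comparison matches time order.
    return moment.isoformat(timespec="seconds")


def flag_known(db, ip):
    """Record an address the operator has verified as a wanted crawler."""
    db.execute("INSERT OR REPLACE INTO client_flags VALUES (?, 'known', NULL)", (ip,))


def ban(db, ip, now, hours=24):
    """Deny ip until now + hours. A 'known' entry is never overwritten."""
    row = db.execute("SELECT kind FROM client_flags WHERE ip = ?", (ip,)).fetchone()
    if row and row[0] == "known":
        return False
    expires = _stamp(now + timedelta(hours=hours))
    db.execute("INSERT OR REPLACE INTO client_flags VALUES (?, 'bad', ?)", (ip, expires))
    return True


def is_denied(db, ip, now):
    """Per-request check: purge expired bans, then look the address up."""
    db.execute(
        "DELETE FROM client_flags WHERE kind = 'bad' AND expires_at <= ?",
        (_stamp(now),),
    )
    row = db.execute("SELECT kind FROM client_flags WHERE ip = ?", (ip,)).fetchone()
    return bool(row) and row[0] == "bad"


if __name__ == "__main__":
    store = open_store()
    t0 = datetime(2008, 3, 26, 6, 10)
    flag_known(store, "192.0.2.1")        # constructed addresses
    ban(store, "198.51.100.7", t0)
    print(is_denied(store, "198.51.100.7", t0 + timedelta(hours=1)))
    print(is_denied(store, "198.51.100.7", t0 + timedelta(hours=25)))
```
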
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Banning by IP is ok but it's still a lot of work and deciding if it's a bot or just someone who left the site in 30 seconds because it was too complicated, is hard to tell, so I have another idea.

Make the site available to registered users only. Change the home.aspx page to an explanation of what the site has to offer along with a login and register box. Explain that it's necessary due to the bot problem.

I don't see any banner ads, so I don't think that you will lose any money by doing that.
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Hi Don
But the Google bot, Yahoo, MSN bots and other bots will not be able to crawl the site. If it is not crawled then it will not be indexed in the search engine.

Since my visitors are mainly from search engines I don't want to lose them.

I tried to attach my website logs but couldn't proceed since the PM does not allow attachments and inline text has some line number limitations.
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

As far as I know the bots can still crawl the site as long as you don't use a robots.txt file. I know of a web site that only lets you view solutions to a problem if you register, but if you click on the cached link in the Google search results, you can view everything. That means that the Google bot crawled everything.
  • pons_saravanan
  • Novice
  • Posts: 26

Post 3+ Months Ago

Hi Don
I too was surprised about a site like the one you mentioned, but that works in a different way. It offers different page content to visitors and to bots like Google (so far to my knowledge; it may be different in actuality). I am not sure all bots will allow this now and in future.

The second problem is that if I ask a visitor to log on (or keep logged in using a cookie), some visitors will not like to log in to see the content, and my site is not up to that level; I have only a few pages (<100).

I already have a user management module with register, change password, role-based authorization, etc. (of course I need to improve a little bit on this). At this point in time I would like to present the content to visitors one click away from search engines.

But I really like your suggestion as it completely fits the requirements which I requested earlier.