Retrict access to website from spambots and strange visitors

Hi

i have hosted my site (VB KnowledgeBase). I am getting few thousand visitors per month.
In last few weeks i am getting some strange visits(no referrals and visits 10,20 visits per minute) like

1) From same IP with different UserAgents,
2) differnt IP using same user agents,

Please advice me how can i identify these kind of unwanted visits?

in case 1 i dont know if i am restricting the ip will it be assigned to some other user who is a real visitor

in case of 2 the same kind of user agent may be used by several visitors. so i cant restrict by that also.

thanks in advance

What else do you see in your log files? Do you see any attempts to run scripts to break the site? Have you run a whois on the IP addresses? Post a few of them here if you don't know how to do that. I can tell you where they are located and who owns that block. You can contact them before you start blocking any addresses.

actually no you cant Don. What If they are using a fake ip ( spoofing / bouncing ect ect)

With that many hits your being bot attacked lmao. Sounds like thats coming from a few Different people or mabye one person.

Post your logs on here

Penquin: Contacting the owners of the IP may help determine if someone's machine is being used as a zombie or not.

Sorry I just thought yes, Botnets I read this wrong, People are probably being slaved without knowing.

Hi Penguin

As per my analysis i can say that the visits are most likely a bot not an visitor.
1)Fake IPS
2) Fake User Agents.

My question is if the above are assumed, what should i need to do.

i am extracting the logs and highlighting the analysis now. i will be sending soon

Hi penguin and don
Please find the sample of the visits in the last week
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.1; SV1; .NET CLR 2.0.10727) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:25 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.40707) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:25 AM
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 4.1; SV1; .NET CLR 2.0.80777) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:25 AM
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 4.1; SV1; .NET CLR 2.0.20737) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:25 PM


Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.1; SV1; .NET CLR 2.0.00777) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:14 PM
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 4.1; SV1; .NET CLR 2.0.80727) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:14 PM
Mozilla/4.0 (compatible; MSIE 4.0; Windows NT 4.1; SV1; .NET CLR 2.0.20757) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:14 PM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.20707) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:14 PM
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.60717) 72.232.137.122 UNITED STATES GUEST 3/23/08 12:14 PM


Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 58.22.101.123 CHINA GUEST 3/23/08 9:57 PM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 58.22.101.123 CHINA GUEST 3/23/08 9:57 PM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.00757) 72.232.137.122 UNITED STATES GUEST 3/23/08 10:02 PM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.70717) 72.232.137.122 UNITED STATES GUEST 3/23/08 10:02 PM
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.10757) 72.232.137.122 UNITED STATES GUEST 3/23/08 10:02 PM
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.1; SV1; .NET CLR 2.0.00717) 72.232.137.122 UNITED STATES GUEST 3/23/08 10:02 PM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.1; SV1; .NET CLR 2.0.60757) 72.232.137.122 UNITED STATES GUEST 3/23/08 10:02 PM


Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 4.1; SV1; .NET CLR 2.0.30757) 209.160.73.156 UNITED STATES GUEST 3/24/08 6:29 AM
Mozilla/4.0 (compatible; MSIE 4.0; Windows NT 4.1; SV1; .NET CLR 2.0.40777) 209.160.73.156 UNITED STATES GUEST 3/24/08 6:29 AM
Mozilla/4.0 (compatible; MSIE 4.0; Windows NT 4.1; SV1; .NET CLR 2.0.30737) 209.160.73.156 UNITED STATES GUEST 3/24/08 6:29 AM
Mozilla/4.0 (compatible; MSIE 4.0; Windows NT 4.1; SV1; .NET CLR 2.0.30727) 209.160.73.156 UNITED STATES GUEST 3/24/08 6:29 AM
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.40777) 209.160.73.156 UNITED STATES GUEST 3/24/08 6:29 AM



Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:06 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:06 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:07 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:08 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 189.4.217.69 GUEST 3/26/08 6:09 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:09 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 84.221.134.157 ITALY GUEST 3/26/08 6:10 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 61.34.82.141 KOREA REPUBLIC OF GUEST 3/26/08 6:11 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 59.94.76.147 INDIA GUEST 3/26/08 6:11 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.27.129.169 BRAZIL GUEST 3/26/08 6:12 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 189.4.217.69 GUEST 3/26/08 6:13 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 71.241.178.207 UNITED STATES GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 210.89.50.69 GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 61.180.239.250 CHINA GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.83.194.16 BRAZIL GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 61.180.239.250 CHINA GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 220.224.200.134 INDIA GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 220.224.200.134 INDIA GUEST 3/26/08 6:14 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 71.241.178.207 UNITED STATES GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 222.47.88.14 CHINA GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 189.4.217.69 GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 91.74.160.18 GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 218.21.251.153 CHINA GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 218.21.251.153 CHINA GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 124.154.64.57 JAPAN GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 207.72.66.5 UNITED STATES GUEST 3/26/08 6:15 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 124.22.90.173 GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 70.236.93.199 UNITED STATES GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 62.80.37.53 GERMANY GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.83.194.16 BRAZIL GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.80.67.165 BRAZIL GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 62.80.37.53 GERMANY GUEST 3/26/08 6:16 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 123.201.120.81 GUEST 3/26/08 6:17 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 59.94.76.147 INDIA GUEST 3/26/08 6:17 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 60.208.76.60 CHINA GUEST 3/26/08 6:17 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 59.94.76.147 INDIA GUEST 3/26/08 6:18 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 61.17.161.249 INDIA GUEST 3/26/08 6:19 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 59.94.76.147 INDIA GUEST 3/26/08 6:19 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.80.67.165 BRAZIL GUEST 3/26/08 6:19 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.80.67.165 BRAZIL GUEST 3/26/08 6:19 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 91.74.160.18 GUEST 3/26/08 6:19 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 201.83.169.3 BRAZIL GUEST 3/26/08 6:20 AM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 61.17.161.249 INDIA GUEST 3/26/08 6:22 AM

Hi Don and PenQuin

thanks for the reply.
as per your advice i have taken 84.221.134.157 and done a ip whois lookup. and wrote to them to find what is the intention of visit

let me see how it goes

however please assist me in figuring out it by some ruels. As i am a developer i can just write something to block them by page level. atlease i can stop duplicating the content.
At the same time i dont want to block a geniune visitor who is realy visiting the site.

thanks in advance

Block 84.221.134 and 72.232.137.122 if you have not already.


Im going to take some time to see If i can find the source of this for you, ( where they are coming from )

Is your site offline becuase of the share amount of bots hitting your site. I have a feeling I know what this guy Is using but Its not wise to post it on the site. I will contact you Via PM.

Below are the whois outputs for 3 of the IP addresses in question. Each of them has contact information which occasionally gets answered the way we would like. I can do the rest of them and PM the results to you. They are easy to do from my Unix box. I didn't want to use a lot of space here.

Are the hits causing a DOS to your site?

queyosepa# whois 72.232.137.122

OrgName: Layered Technologies, Inc.
OrgID: LAYER-3
Address: 5085 W Park Blvd
Address: Suite 700
City: Plano
StateProv: TX
PostalCode: 75093
Country: US
Comment: abuse@layeredtech.com

_____________________________

queyosepa# whois 84.221.134.157

inetnum: 84.220.0.0 - 84.221.255.255
netname: TISCALINET
descr: Tiscali Italia SpA
descr: PROVIDER
country: IT
admin-c: RC524-RIPE
admin-c: FP1849-RIPE
admin-c: FB2233-RIPE
tech-c: TI335-RIPE
rev-srv: ns.tiscalinet.it
rev-srv: sns.tiscali.it
remarks: ADSL dial-up customers
remarks:
remarks: Send trouble queries or problems to noc@it.tiscali.com

role: Tiscali IT
address: Tiscali Italia S.p.A.
address: SS 195 Km 2.300
address: localita Sa Illetta
address: 09122 - Cagliari
address: Italy
phone: +39 070 46011
fax-no: +39 070 4601400
______________________________
queyosepa# whois 58.22.101.123

route: 58.22.0.0/15
descr: CNCGroup FuJian province network
country: CN
origin: AS9929
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20050504
changed: hm-changed@apnic.net 20050504
changed: hm-changed@apnic.net 20050504
source: APNIC

person: FU ZHOU
nic-hdl: FZ165-AP
e-mail: chenjie2@china-netcom.com
address: Fuzhou city, Fujian province, China
phone: +86-591-28363728
fax-no: +86-591-28363716
country: CN
changed: chenmin_deletethispart_@china-netcom.com 20060509
mnt-by: MAINT-CNCGROUP-FJ
source: APNIC

I think they are Don, Thats why His website is down, You look them up I think I have an idea, Post the other IP's that you think are in question. Im going to find out exactly what they are using.

Penguin, I sent you some whois information on more of those IPs. I didn't want to post it here since the output is quite long. If you think the rest of the whois will be helpful, I'll do the rest. It's hard to tell who is bouncing off of what.

Pons_saravanan: I'll send a copy to you as well. Do your log files show any attempted scripts? That would help in deciding who is real and who is not.

Don't forget that a person might visit a site, such as yours and leave in less than a minute if they feel it's beyond their scope.

At that rate of time, I think we are looking at BOTS, and possibly other programmes being used. I looked at some of the IP's Via PM some intresting results.

Thanks for the information DON2007.

Pons_saravanan: Could you please answer me this> Does your website go offline on a regular basis?

Hi penquin

Penguin: I think my site did not go offline. since i am checking my logs everyday.
i dont know how to deny the access via htaccess. so i had requested my shared hosting support to assist me. however i did not see any attempts after 26 th march.


DON:I understand that but when i am looking into the logs the user agent information for some entries are same while ip is different. that looks like some one is using fake ips and fake user agents.( i am looking into my system logs for any script injection. I know what you are thinking. but see my suspect in the bottom of this reply)


My another fear is that they might be trying to steal my content. it happened to me earlier.

the article written by me in ezine(original)
http://www.ezinearticles.com/?Visual-Ba ... &id=653156

(duplicates)
http://www.shop1online.info/2007/12/26/ ... r-content/

http://www.future-technology.info/compu ... r-content/

the above are just samples
try google with
http://www.google.com.sg/search?hl=en&q ... tent&meta=

thanks

Hi don and penguin
thank you verymuch for both of your efforts

DON: As per your advice. I have checked my site logs i am able conclude that there were some attempts to inject scripts via the userid text box.

several attempts like the following(around 10)

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$txtUserId="hi @ 3/26/2008 6:10:51 AM

So on 26th march a bot or a program tried to inject some scripts via any controls which allow the user entry. I have only one form available to enter text before clicking a button.(that is userId text box).

don, and penguin

Seems like i cant figure out any rules associated with this attempts if i am able to do it then i can automatically filter them out by writing some code. I hope there should be some ways to find these .