Blocking this weird bot
Hey,
For the past while, I've been getting these strange hits on my server. It doesn't leave a referer or user agent. Here is what the log entries look like:
70.28.123.156 - - [17/Sep/2005:08:30:58 -0300] "GET / HTTP/1.0" 200 3716
70.28.169.254 - - [17/Sep/2005:09:14:05 -0300] "GET / HTTP/1.0" 200 3716
70.28.22.14 - - [17/Sep/2005:09:16:21 -0300] "GET / HTTP/1.0" 200 3716
70.28.178.96 - - [17/Sep/2005:09:16:45 -0300] "GET / HTTP/1.0" 200 3716
70.28.169.254 - - [17/Sep/2005:10:16:10 -0300] "GET / HTTP/1.0" 200 3716
70.28.178.96 - - [17/Sep/2005:10:18:19 -0300] "GET / HTTP/1.0" 200 3716
All it does is download the HTML from the home page, nothing else. To add to the fun, I can't block it using something like 70.28.* because if I do, I block myself. There are over 100 different IPs; it depends on the day.
Anyone have any ideas on how to stop this? Or should I just leave it?
Server: Win2K, Apache 1.3.33, PHP 4.40, mod_gzip, MySQL
Busy posted this at 21:24 — 17th September 2005.
He has: 6,151 posts
Joined: May 2001
What about blocking
70.28.178.96
70.28.169.254
and any others that have been used at least twice?
If you have the last three months' log files (raw logs), do a search for the IP to see if any of your members are using those ranges; if not, block the sucker. May take a while if there are 100s of them.
Another way is to block the 70.28. range but allow your IP.
mairving posted this at 12:51 — 19th September 2005.
They have: 2,256 posts
Joined: Feb 2001
It looks like the 'weird bots' are actually from your ISP. Most ISPs do not allow you to run a webserver via your account unless you have a business account with a fixed IP address. Most won't really do much unless you start using too much bandwidth. It could be port scans or probes from your ISP to see what is going on. It could also be just garbage traffic coming over.
Mark Irving
I have a mind like a steel trap; it is rusty and illegal in 47 states
rehash posted this at 19:15 — 21st September 2005.
They have: 15 posts
Joined: Sep 2005
Add in your firewall first the rules to allow your IP (and any other IP from this class that you may need, such as gateway/NS),
then block 70.28.0.0/16
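
The two suggestions in this thread (find the addresses that hit more than once, and allow your own IP before blocking 70.28.0.0/16) can be checked offline before touching the firewall. The Python below is an added example, not code from any poster: it runs over the six log lines quoted in the first post, and `OWN_IP` is a hypothetical stand-in for the site owner's address, which the thread never states.

```python
import ipaddress
import re
from collections import Counter

# The six access-log lines quoted in the first post.
SAMPLE_LOG = """\
70.28.123.156 - - [17/Sep/2005:08:30:58 -0300] "GET / HTTP/1.0" 200 3716
70.28.169.254 - - [17/Sep/2005:09:14:05 -0300] "GET / HTTP/1.0" 200 3716
70.28.22.14 - - [17/Sep/2005:09:16:21 -0300] "GET / HTTP/1.0" 200 3716
70.28.178.96 - - [17/Sep/2005:09:16:45 -0300] "GET / HTTP/1.0" 200 3716
70.28.169.254 - - [17/Sep/2005:10:16:10 -0300] "GET / HTTP/1.0" 200 3716
70.28.178.96 - - [17/Sep/2005:10:18:19 -0300] "GET / HTTP/1.0" 200 3716
"""

BLOCKED_NET = ipaddress.ip_network("70.28.0.0/16")
# Hypothetical placeholder for the owner's own address (not given in the thread).
OWN_IP = ipaddress.ip_address("70.28.0.10")

# Common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+$')

def repeat_visitors(log_text, min_hits=2):
    """Return {ip: hits} for clients inside BLOCKED_NET seen at least min_hits times."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than guess
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # logged as a hostname, not an IP
        if ip in BLOCKED_NET:
            hits[str(ip)] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

# First-match rule list: the owner's allow rule must precede the /16 block.
RULES = [("allow", ipaddress.ip_network(f"{OWN_IP}/32")), ("deny", BLOCKED_NET)]

def decide(ip_text, rules=RULES):
    """Evaluate rules top to bottom; the first match wins, default is allow."""
    ip = ipaddress.ip_address(ip_text)
    for action, net in rules:
        if ip in net:
            return action
    return "allow"

if __name__ == "__main__":
    print("repeat visitors:", repeat_visitors(SAMPLE_LOG))
    print("owner:", decide(str(OWN_IP)), "| bot:", decide("70.28.178.96"))
```

Reversing `RULES` shows why the order matters: with the /16 block first, the owner's own address is denied too.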