IP address: 212.107.116.248 After checking my raw log files, I noticed that there was a bot searching on the exact same gay porn site. I know it's a bot, because the difference in refresh time is under a second, and they're always on the same page. I wouldn't mind if it was a legitimate person who's trying to surf anonymously. But this bot is a BOT! Can anyone tell me anything from this IP address? 212.107.116.248 And I have a feeling they're trying to eat up my bandwidth. So how the hell do I block them? Thank you a lot. I'm sorry, but I'm just a bit ticked off. "http://www.urlcutter.info/index.php?q=aHR0cDovL3d3dy5nYXltb3ZpZWxpc3QuY29tL3N0L25pY2hlcy9odW5rcy1tb3ZpZXMuc2h0bWw%3D" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 212.107.116.248 - - [17/Jan/2007:[B]13:26:21 [/B]-0600] "GET /index.php?q=aHR0cDovL3d3dy5nYXltb3ZpZWxpc3QuY29tL3N0L3RodW1icy8wMTYvMDM3MzEyODM4NS5qcGc%3D HTTP/1.1" 200 5782 "http://www.urlcutter.info/index.php?q=aHR0cDovL3d3dy5nYXltb3ZpZWxpc3QuY29tL3N0L25pY2hlcy9odW5rcy1tb3ZpZXMuc2h0bWw%3D" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 212.107.116.248 - - [17/Jan/2007:[B]13:26:22[/B] -0600] "GET /index.php?q=aHR0cDovL3d3dy5nYXltb3ZpZWxpc3QuY29tL3N0L3RodW1icy8wMzEvMDcxMzA2NTM3MC5qcGc%3D HTTP/1.1" 200 5641 "http://www.urlcutter.info/index.php?q=aHR0cDovL3d3dy5nYXltb3ZpZWxpc3QuY29tL3N0L25pY2hlcy9odW5rcy1tb3ZpZXMuc2h0bWw%3D" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 212.107.116.248 - - [17/Jan/2007:[B]13:26:22[/B] -0600] "GET /index.php?q=aHR0cDovL3d3dy5nYXltb3ZpZWxpc3QuY29tL3N0L3RodW1icy8wMzAvMDU2NzAxMTE3OS5qcGc%3D HTTP/1.1" 200 4755 PHP:
Wow. I really like the PHP tool, because the lines are really organized. I'm going to post more of my log here if anyone doesn't mind. I need to examine it. [17/Jan/2007:15:07:16 -0600] "GET /index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s HTTP/1.1" 200 92275 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:16 -0600] "GET /index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9pbWFnZXMvJyk7CgkJCWRvY3VtZW50LndyaXRlKG5hbWVzW01hdGgucm91bmQoTWF0aC5yYW5kb20oKSooY250LTEpKV0pOwoJCQlkb2N1bWVudC53cml0ZSgn HTTP/1.1" 404 14536 "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:17 -0600] "GET /images/but1_.gif HTTP/1.1" 404 - "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:17 -0600] "GET /images/but2_.gif HTTP/1.1" 404 - "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:17 -0600] "GET /images/but3_.gif HTTP/1.1" 404 - "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:17 -0600] "GET /images/but4_.gif HTTP/1.1" 404 - "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:17 -0600] "GET /images/but5_.gif HTTP/1.1" 404 - "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:17 -0600] "GET /images/but5a_.gif HTTP/1.1" 404 - "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:17 -0600] "GET /images/but1_.gif HTTP/1.1" 404 - "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:17 -0600] "GET /images/but2_.gif HTTP/1.1" 404 - "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:17 -0600] "GET /images/but3_.gif HTTP/1.1" 404 - "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9sb2dpbi5odG1s" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:21 -0600] "GET /index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9pbWFnZXMvY3NzL3N0eWxlLmNzcw%3D%3D HTTP/1.1" 304 - "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9mZnNlYXJjaC5odG1sP2E9cmVnbWVjaFRBS0VPVVQlMjBDQVBTaG90bWFpbCUyMGNvbSUyMHJlZ21lY2gmZD0yMDA2MTAwNSZzPVRodXJzZGF5K3JlZ21lY2grSlBHKyZ0PWdycCZnPWFsdC5iaW5hcmllcy5ub3NwYW0uYW1hdGV1ci5mZW1hbGU-&hl=1011101001" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:21 -0600] "GET /index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9pbWFnZXMvY3NzL3N0eWxlLWJnLmNzcw%3D%3D HTTP/1.1" 200 2281 "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9mZnNlYXJjaC5odG1sP2E9cmVnbWVjaFRBS0VPVVQlMjBDQVBTaG90bWFpbCUyMGNvbSUyMHJlZ21lY2gmZD0yMDA2MTAwNSZzPVRodXJzZGF5K3JlZ21lY2grSlBHKyZ0PWdycCZnPWFsdC5iaW5hcmllcy5ub3NwYW0uYW1hdGV1ci5mZW1hbGU-&hl=1011101001" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:22 -0600] "GET /index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9pbWFnZXMvY3NzL215dXNlbmV0Lmpz HTTP/1.1" 200 363 "http://www.urlcutter.info/index.php?q=aHR0cDovL215dXNlbmV0Lm5ldC9mZnNlYXJjaC5odG1sP2E9cmVnbWVjaFRBS0VPVVQlMjBDQVBTaG90bWFpbCUyMGNvbSUyMHJlZ21lY2gmZD0yMDA2MTAwNSZzPVRodXJzZGF5K3JlZ21lY2grSlBHKyZ0PWdycCZnPWFsdC5iaW5hcmllcy5ub3NwYW0uYW1hdGV1ci5mZW1hbGU-&hl=1011101001" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" 74.102.233.132 - - [17/Jan/2007:15:07:22 -0600] PHP:
Oh wait. I could be just really newbish to all this.. But Do you think these are real surfers, or just bots?
Nine pages a second is a either a hell of a surfer, or an arthritic bot . I don't know. You can ban an ip with htaccess, though. <Limit GET> order allow,deny allow from all deny from ipaddresshere </Limit> Code (markup):
Hey flagdaddy, Thanks for the prompt reply. I gave you a green rep! I noticed this: http://www.google.com/search?q=+"in...,GGLD:2004-32,GGLD:en&start=360&sa=N&filter=0 on my log. So some "bot" or someone, typed this in: +"include form" +"remove scripts" +"accept cookies" +"show images" and got to my site? Probably proxy.org or something? Do you think it's okay to block IP addresses with like thousands of pages in a day? I have a feeling they're trying to much up my resource. AHHH thank you! I get your script. Please leave me a green rep too! thanks
What does the user with the banned IP address see when they come to my site? Gave you a green rep SFOD_D223. Thanks! also I checked out your links
204.209.93.52 Also this IP, at first I thought it was a girl, she kept on checking on handbags at amazon. But FUCK, I don't believe it anymore, because that's the only single site that she sits her ass on. By analyzing the log, is there any way to tell which site they also visited? Also, how do I use Awstats, with the raw log files (I downloaded it from my prior host)
Assuming it's apache, there are things like mod_security that help detect floods and can automatically block them too
9 pages a second? Where? I see 9 hits in a second but not pages, just retrieving all the images etc. Maybe i'm wrong? But if not wouldn't that be kinda normal...?