Hi all! (And I hope my question won't be as foolish as the last one :-)
Starting from yesterday I am having lots of accesses by what appears to be a bot or spider. At first when I found my stats file inflating certain pages views, I had expected to have been hit by referrer spam. But there is no referrer. Only the blog part of my site is being targeted, the same URLs are hit again and again, sometimes more than 200-300 times. Originating IPs seem to be all over the place, from places as far away as China and Germany. I have now blocked access to this from apaches httpd.conf, returning 403, in order to save some bandwidth and retain sane access statistics. The attacks remain. The browser ID string is always the same, it seems to be one that has been often used as an example in perl and web spidering books. I have not had a legitimate page request with this browser id string in the last 4 months (that I could overview from log files). So I do not expect that there is a legitimate userbase being denied access. Here is a small sample from the access_log file: 213.162.50.228 - - [25/May/2005:16:28:47 +0200] "GET /blogs/ch-athens/30 HTTP/1.1" 403 299 "-" "Mozilla/4.76 [en] (Win98; U)" 219.95.111.181 - - [25/May/2005:16:30:40 +0200] "GET /blogs/ch-athens/65 HTTP/1.0" 403 287 "-" "Mozilla/4.76 [en] (Win98; U)" 213.162.50.228 - - [25/May/2005:16:40:04 +0200] "GET /blogs/ch-athens/107 HTTP/1.1" 403 300 "-" "Mozilla/4.76 [en] (Win98; U)" 213.162.50.228 - - [25/May/2005:16:40:12 +0200] "GET /blogs/ch-athens/104 HTTP/1.1" 403 300 "-" "Mozilla/4.76 [en] (Win98; U)" So: Has anyone seen this before? Is it targetting weblogs in general? Is it targetting COREBlog? Or just me? Any comments on this? Thanks for taking the time! Regards, Sascha _______________________________________________ COREblog-en mailing list [email protected] http://postaria.com/cgi-bin/mailman/listinfo/coreblog-en Unsubscription writing to [EMAIL PROTECTED]
