If you have any suggestions on what to do about them, I'd like to hear from you.
Block the entire IP range, for say 2 weeks at a time.
I'm guessing that these spiders are coming from spammers looking to harvest email addresses. Last nights attack came from 61.51.123.205. No reverse DNS is available. Can anybody provide any insight into where the attacks are coming from?
~> whois 61.51.123.205 ... inetnum: 61.48.0.0 - 61.51.255.255 ... role: CNCGroup Hostmaster e-mail: [EMAIL PROTECTED] address: No.156,Fu-Xing-Men-Nei Street, address: Beijing,100031,P.R.China nic-hdl: CH455-AP phone: +86-10-68019956 fax-no: +86-10-68019958 country: CN admin-c: CH444-AP tech-c: CH444-AP changed: [EMAIL PROTECTED] 20031016 mnt-by: MAINT-CNCGROUP source: APNIC
http://openrbl.org/#61.51.123.205 and http://groups.google.co.uk/groups?q=abuse+Beijing+province
will tell you that they are spammer friendly, so however loud you shout at their abuse address, you are unlikely to get a satisfactory answer, although I'd be interested (but highly sceptical) to see if you get any answer from them.
But if the attackers start doing a better job of disguising their spiders, my detection might fail and this defense would become ineffective.
They will, as they can usually masquerade as any user agent, ignore robots.txt, and if they really want to, will use proxies to disguise their source. In the end it will just become a game of whack a mole, till they get fed up and leech on someone else's site.
Regards P.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
