Results 1 to 14 of 14
  1. #1
    ABW Ambassador
    Join Date
    June 30th, 2007
    Location
    Syracuse, NY
    Posts
    677
    Is this like an attack? (Updated: Yeah seems to be)
    At the moment, I have someone going through every single link on one of my websites. Even ones like this: /blog/wp-content/themes/classic I don't use that theme, and don't see how someone could try to access that? Gives a 301.

    I even see some affiliate link hits, which aren't showing up in ShareASale.

    In the log it says Agent: Mozilla/4.0 (compatible; MSIE 4.0; Windows NT; ....../1.0 )

    Anyone know if that is just a bot? An attack of some sort?

    IP look up shows: NORTHWEST OPEN ACCESS NETWORK for ISP.

    This started a little over an hour ago and is still happening. Seems to stay on pages between 15-10 seconds, so its a slow bot? I don't know..

    Any ideas? Should I just ban the IP?

    Edit: Now it is trying to load my pages with www.mysitedomainname.org after the link.. I'm banning it. Doesn't smell right to me. IP is 64.184.179.75 for anyone else concerned.
    Last edited by Hardaka; July 4th, 2008 at 12:30 AM.

  2. #2
    ABW Ambassador ladidah's Avatar
    Join Date
    October 15th, 2007
    Location
    MA
    Posts
    1,888
    what is their IP?

    Also those directories like wp-content I have blocked in my robots.txt otherwise G spiders them. Maybe it's a robot.

    BTW, how are you able to view all this info/activity?

  3. #3
    ABW Ambassador
    Join Date
    June 30th, 2007
    Location
    Syracuse, NY
    Posts
    677
    Well that's interesting.

    I guess it is some sort of attack?

    I banned the IP and it is still trying to access my website. Going down through the made up links I mentioned, that had been taking up ~6500 bits of memory. Now it takes up nothing, I guess not being allow to access. Still trying though.

    Weird.

    ladidah: Yeah I thought I had the robot block those too. Guess I need to double check. IP is 64.184.179.75 and still trying.. 5 minutes after I blocked it.

    How? My c-panel's latest visitors log.

  4. #4
    ABW Ambassador
    Join Date
    June 30th, 2007
    Location
    Syracuse, NY
    Posts
    677
    So this seems to be the form it is going through.

    It went through every link.

    Then it went through every link but with my www full address after it.

    Now it is going through links with the www full address /folder after it.

    Not using memory now, since I blocked it, but still trying.. 12 minutes after it was blocked. So definitely must be an attack.

    Odd, this website isn't like popular or anything.

  5. #5
    Believe knight01's Avatar
    Join Date
    August 14th, 2006
    Location
    Dayton, Ohio
    Posts
    1,815
    Could be a scraper getting your content, could be an email harvester looking for spam targets, could be a bot looking for email forms to use for spamming.
    Someday starts today
    Military Discounts

  6. #6
    ABW Ambassador
    Join Date
    June 30th, 2007
    Location
    Syracuse, NY
    Posts
    677
    If it were those things, wouldn't it stop after checking all my links, instead of making up links on the domain that would obviously return 404's?

  7. #7
    Believe knight01's Avatar
    Join Date
    August 14th, 2006
    Location
    Dayton, Ohio
    Posts
    1,815
    no, its looking for hidden or private areas using common naming conventions for those areas.
    Someday starts today
    Military Discounts

  8. #8
    ABW Ambassador ladidah's Avatar
    Join Date
    October 15th, 2007
    Location
    MA
    Posts
    1,888
    64.184.128.0 - 64.184.191.255


    About NoaNet
    The Northwest Open Access Network (NoaNet) is a nonprofit corporation operating a regional transport network of over 2,400 miles of fiber optic cable in the Pacific Northwest, leased primarily from the Bonneville Power Administration. NoaNet's network is being designed and built with the future of the converging telecommunications industry in mind and it will focus on deploying this network to rural communities in their serving area. NoaNet is a community-focused organization established to enable greater economic development and quality of life through delivery of advanced, affordable, "open access" telecommunications to northwest rural communities.
    ....

    It doesn't make sense since you are in NY and it's a small company that serves rural areas like Washington, Oregon, Idaho and Montana.

  9. #9
    ABW Ambassador
    Join Date
    June 30th, 2007
    Location
    Syracuse, NY
    Posts
    677
    Quote Originally Posted by knight01
    no, its looking for hidden or private areas using common naming conventions for those areas.
    How is www (dot) mywebsitename (dot) com /folder or section/ www (dot) mywebsite (dot) com a common naming conventions? www only shows up once in addresses?

    Sorry, you could be right.. I'm just confused and never had something trying to access my website like this for almost two hours now.

  10. #10
    ABW Ambassador
    Join Date
    June 30th, 2007
    Location
    Syracuse, NY
    Posts
    677
    It's using up memory again.

    Should I even be able to see it in my logs with the IP blocked?!

    It's accessing /icons/ and all the icons in there, which is not something I knew existed. C-panel icons maybe?

  11. #11
    ABW Ambassador ladidah's Avatar
    Join Date
    October 15th, 2007
    Location
    MA
    Posts
    1,888
    I would try contacting your Web host.

    I don't know how responsive they are but they may be able to check things out on their end.

    Also did you block the entire range? 64.184.128.0 - 64.184.191.255

  12. #12
    ABW Ambassador
    Join Date
    June 30th, 2007
    Location
    Syracuse, NY
    Posts
    677
    Just added the range.

    I did call them, the guy seemed to think I didn't know search bots could try to access my website, and it could just be a few of them trying? Usually the support is good. That was annoying.

    I'll try again in a bit later if it keeps up. Search bots don't spend over 2 hours on a page, least I've never seen that.

    Edit: Oh.. might be over. Stopped 7 minutes ago, lol.

  13. #13
    Newbie
    Join Date
    July 2nd, 2008
    Posts
    3
    Possibly....
    Hi,

    I'm new here, but my background is in law enforcement and computer forensics. My guess is it is someone "copying" your website for whatever reason. Free software such as HT Track will do this, follow links, download files etc...

    There was a site that searched for zip files from domains, and could be easily used to find content for sale and allowed the user to download the file for free, avoiding paying.

    Just my 2 cents...

    Steve

  14. #14
    ABW Ambassador
    Join Date
    June 30th, 2007
    Location
    Syracuse, NY
    Posts
    677
    Thanks Steve, and thank you to everyone else who replied.

    It hasn't started up again, so I guess whatever it was, it is over now.

  15. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Oh yeah,
    By LiveFast in forum Introduce Yourself
    Replies: 1
    Last Post: November 16th, 2009, 09:33 PM
  2. Yeah I am first!
    By Rolet in forum Unethical Affiliates Submissions
    Replies: 0
    Last Post: December 19th, 2007, 05:29 PM
  3. Yeah Yeah Yeah Yeah - Done The forum
    By Tgo in forum Midnight Cafe'
    Replies: 0
    Last Post: November 30th, 2001, 08:21 AM
  4. yeah right
    By Ebudae in forum Commission Junction - CJ
    Replies: 35
    Last Post: November 29th, 2001, 08:07 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •