Why is this IP Address Killing My Bandwidth?

[tsruha]

69.64.35.154

is responsible for over 750 users at one time. I did search and Honeypot doesn't show anything negative and it goes back to Hosting Solutions International out of St. Louis Missouri.

I watched my message board go from 43 users online to nearly 800 in a matter of just a couple of minutes.

Do you know what this is any what it's doing?

[Birched]

Possibly a bot? I don't see that IP as blacklisted or as a spam site in the places I normally look, but this site:

http://decision-medicale.com/attaquants-semaine-15.php

says it may be a search bot ( http://www.botopedia.org/user-agent-list/search-bots/mj12-bot.html )

[tsruha]

Would you ban it? I mean it caused a huge hit on my bandwidth or is this something that I shouldn't be concerned with?

[Dmacleo]

it show a user agent mentioning majestic12 or similar?

iirc this was a bot from some uk domain.

[Aiwa]

That bot hit me a while back... IIRC it obeys a robots.txt crawl delay of up to 20 seconds.

[tsruha]

That bot hit me a while back... IIRC it obeys a robots.txt crawl delay of up to 20 seconds.

Should I ban the ip?

[Aiwa]

That's up to you if you want to ban a bot... I would first put in a crawl delay in your robots.txt to try and slow it down before banning it, though.

[Aussie Cable]

Report the issue to it's provider if you feel it is in breach of your ToS.

For me, I get this info for that IP:

florimleads. info seems to be a lead sharing site (or was). Id personally ban the IP and report the issue to it's provider. That will stop the funny business.

I also found this thread on the IP (only 20 days old). May be intersting to some.

[Grumpy]

Personally, I'd block it.

s4y (startdedicated.com is their default rdns host) is a budget dedi brand. Likely someone set up some sort of a scraper.

This is a personal approach, but if I see a heavy usage from an IP that's 1. a server, 2. never bothered to setup rdns, they have no business making excessive requests.

[tsruha]

That's the same info I got. I banned it. It seems like this company, Hosting Solutions International may create bots for people to get information from websites that normally they would not have access to or have time to gather the information. I have no idea I just didn't like the 700+ users at one time it created.

[jojobean]

Sounds like this could cost you money. so block it. Then work your robots txt,

[tsruha]

ip address 76.100.228.145 just ran my site up to over 22,000 users at one time!!!

[tsruha]

It traces back to a local company that inquired about to do some SEO for me. They ran a crawler to see the size of my site and this was result. I had no idea they were going to go this. Total was 26,000+ users online at one time for this one ip address.

I assume this is going to affect my monthly hosting package here at Invision.

[Aussie Cable]

As an administrator, I have zero tolerance for breaches of ToS of my server, which includes IP address abuse. I have setup a script for my firewall that bans IP addresses for a time, that breach a pre determined number of attempts to access our webserver.

I assume this is going to affect my monthly hosting package here at Invision.

I doubt it would, as IPS should have scripts/safeguards against this type of issue (basic DDoS or excessive IP address abuse) and they should be the one's who report the abuse to the IP range providers.

If it is an issue, ban the IP and contact IPS for advice, I do not see a long running thread is going to help the issue any further than it already has :thumbsup:

[Kyle F]

If these "bots" are running up your user online limit then I'd definitely recommend banning it. Otherwise your hosting with IPS will keep being upgraded or suspended and will cost you more than what you want to pay for.

[Nevo]

I've had good experience with services like Cloudflare to deal with such occurrences.

If you get tired of monitoring and banning them, something like Cloudflare would be a good way to go.

I'm sure their free plan will be able to fix your problem, but if not, you can always use their Pro for $20/month.

[rct2·com]

As an administrator, I have zero tolerance for breaches of ToS of my server, which includes IP address abuse. I have setup a script for my firewall that bans IP addresses for a time, that breach a pre determined number of attempts to access our web server.

For those without the skills to write their own, the APF firewall script is pretty good at doing this. https://www.rfxn.com/projects/advanced-policy-firewall/

[Aussie Cable]

For those without the skills to write their own, the APF firewall script is pretty good at doing this. https://www.rfxn.com/projects/advanced-policy-firewall/

Awesome post, this will help many people who don't have script writing skills :thumbsup:

Excellent contribution!

[Dmacleo]

csf also does it, but I set my blocks for permanent as I kept seeing same ip popping up. I am using directadmin and tied its bruteforce monitor (similar to cpanel hulk protection) into csf also.