tsruha Posted April 24, 2014

69.64.35.154 is responsible for over 750 users at one time. I did search and Honeypot doesn't show anything negative and it goes back to Hosting Solutions International out of St. Louis, Missouri. I watched my message board go from 43 users online to nearly 800 in a matter of just a couple of minutes. Do you know what this is and what it's doing?

Birched Posted April 24, 2014

Possibly a bot? I don't see that IP as blacklisted or as a spam site in the places I normally look, but this site: http://decision-medicale.com/attaquants-semaine-15.php says it may be a search bot (http://www.botopedia.org/user-agent-list/search-bots/mj12-bot.html)

tsruha Posted April 24, 2014 Author

Would you ban it? I mean, it caused a huge hit on my bandwidth, or is this something that I shouldn't be concerned with?

Dmacleo Posted April 24, 2014

Does it show a user agent mentioning majestic12 or similar? IIRC this was a bot from some UK domain.

Aiwa Posted April 24, 2014

That bot hit me a while back... IIRC it obeys a robots.txt crawl delay of up to 20 seconds.

tsruha Posted April 24, 2014 Author

> That bot hit me a while back... IIRC it obeys a robots.txt crawl delay of up to 20 seconds.

Should I ban the IP?

Aiwa Posted April 24, 2014

That's up to you if you want to ban a bot... I would first put in a crawl delay in your robots.txt to try and slow it down before banning it, though.

Aussie Cable Posted April 24, 2014

Report the issue to its provider if you feel it is in breach of your ToS. For me, I get this info for that IP: florimleads.info seems to be a lead sharing site (or was). I'd personally ban the IP and report the issue to its provider. That will stop the funny business. I also found this thread on the IP (only 20 days old). May be interesting to some.

Grumpy Posted April 24, 2014

Personally, I'd block it. s4y (startdedicated.com is their default rdns host) is a budget dedi brand. Likely someone set up some sort of a scraper. This is a personal approach, but if I see heavy usage from an IP that's 1. a server, 2. never bothered to set up rdns, they have no business making excessive requests.

tsruha Posted April 24, 2014 Author

That's the same info I got. I banned it. It seems like this company, Hosting Solutions International, may create bots for people to get information from websites that normally they would not have access to or have time to gather the information. I have no idea; I just didn't like the 700+ users at one time it created.

jojobean Posted April 24, 2014

Sounds like this could cost you money, so block it. Then work your robots.txt.

tsruha Posted April 25, 2014 Author

IP address 76.100.228.145 just ran my site up to over 22,000 users at one time!!!

tsruha Posted April 25, 2014 Author

It traces back to a local company that inquired about doing some SEO for me. They ran a crawler to see the size of my site and this was the result. I had no idea they were going to do this. Total was 26,000+ users online at one time for this one IP address. I assume this is going to affect my monthly hosting package here at Invision.

Aussie Cable Posted April 25, 2014

As an administrator, I have zero tolerance for breaches of ToS of my server, which includes IP address abuse. I have set up a script for my firewall that bans IP addresses for a time, that breach a predetermined number of attempts to access our webserver.

> I assume this is going to affect my monthly hosting package here at Invision.

I doubt it would, as IPS should have scripts/safeguards against this type of issue (basic DDoS or excessive IP address abuse) and they should be the ones who report the abuse to the IP range providers. If it is an issue, ban the IP and contact IPS for advice. I do not see a long running thread is going to help the issue any further than it already has :thumbsup:

Kyle F Posted April 26, 2014

If these "bots" are running up your user online limit then I'd definitely recommend banning it. Otherwise your hosting with IPS will keep being upgraded or suspended and will cost you more than what you want to pay for.

Nevo Posted April 26, 2014

I've had good experience with services like Cloudflare to deal with such occurrences. If you get tired of monitoring and banning them, something like Cloudflare would be a good way to go. I'm sure their free plan will be able to fix your problem, but if not, you can always use their Pro for $20/month.

rct2·com Posted April 26, 2014

> As an administrator, I have zero tolerance for breaches of ToS of my server, which includes IP address abuse. I have set up a script for my firewall that bans IP addresses for a time, that breach a predetermined number of attempts to access our web server.

For those without the skills to write their own, the APF firewall script is pretty good at doing this. https://www.rfxn.com/projects/advanced-policy-firewall/

Aussie Cable Posted April 27, 2014

> For those without the skills to write their own, the APF firewall script is pretty good at doing this. https://www.rfxn.com/projects/advanced-policy-firewall/

Awesome post, this will help many people who don't have script writing skills :thumbsup: Excellent contribution!

Dmacleo Posted April 27, 2014

csf also does it, but I set my blocks for permanent as I kept seeing the same IP popping up. I am using directadmin and tied its bruteforce monitor (similar to cpanel hulk protection) into csf also.

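The check the posts above describe (flag an IP once it exceeds a predetermined number of requests in a short time, as a firewall script would before banning it), sketched here as an added example that is not code from any poster, APF or csf. The log lines are constructed, using documentation-range IPs and a made-up user agent; the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_heavy_clients(lines, max_requests=5, window_seconds=10):
    """Return {ip: {"peak": n, "agents": set}} for every IP that made more than
    max_requests requests inside any sliding window of window_seconds.
    Assumes each IP's lines appear in chronological order, as in a server log."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> largest window count seen
    agents = defaultdict(set)     # ip -> user agents it presented
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
        agents[m["ip"]].add(m["ua"])
    return {ip: {"peak": n, "agents": agents[ip]}
            for ip, n in peak.items() if n > max_requests}

def sample_log():
    """Constructed sample: one bursting crawler, one ordinary visitor, one bad line."""
    lines = [
        f'203.0.113.7 - - [24/Apr/2014:10:00:{s:02d} +0000] '
        f'"GET /topic/{s} HTTP/1.1" 200 512 "-" "ExampleCrawler/1.0"'
        for s in range(8)
    ]
    lines += [
        f'198.51.100.20 - - [24/Apr/2014:10:00:{s:02d} +0000] '
        f'"GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
        for s in (0, 30)
    ]
    lines.append("truncated or corrupt line")
    return lines

if __name__ == "__main__":
    for ip, info in find_heavy_clients(sample_log()).items():
        print(ip, info["peak"], sorted(info["agents"]))
```

The `agents` set shows whether a flagged IP identifies itself as a crawler, which is the information needed to choose between a robots.txt crawl delay and a firewall block.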
This topic is now archived and is closed to further replies.