Is this person up to something?

Posted: Sat Aug 28, 2004 4:10 pm

This IP has over 800 hits in the last 4 days.

It doesn't resolve to anything, that I can find. Using the who-is-where I can see this person is getting to stuff that only someone who is registered should be able to get to.

For example. You gotta be registered to be on a reply page but according to ip_tracking he is on this page. As well as the module private messages.
Anyway, I was thinking maybe this is a bot or something. Any ideas? When he is on the site it is for hours at a time.

Here is the ip.

212.27.41.37

Client Joined: Apr 10, 2004 Posts: 649 Location: UK

It's Amsterdam NL by checking with Sam Spade. It's a bit suss isn't it.

Posted: Sat Aug 28, 2004 5:15 pm

TheosEleos,
I get the same IP on my site a lot.

Here is the page I use to find info on an IP address:
http://www.dnsstuff.com/

Posted: Sat Aug 28, 2004 5:54 pm

I get one that resolves to Microsoft. I figure that is a msn bot or something. I don't understand how he gets to those restricted pages.

Posted: Sat Aug 28, 2004 5:56 pm

If you get the ip on your site a lot then it is probably just a bot. If he does anything evil I'm sure Sentinel will give him a good spanking.

Thanks for the link.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Just because it attempts doesn't mean it sees anything Wink

Posted: Sat Aug 28, 2004 6:00 pm

Ah, I didn't know that ip_tracker logged attempts as well.

Posted: Sat Aug 28, 2004 6:04 pm

I don't know that either as I don't use it. But, that would be my guess.

Posted: Sat Aug 28, 2004 6:42 pm

ip_tracker logs every link followed by any visitor, be it human or bot. If you don't like the bots visiting certain directories try editing your robot.txt

Robots.txt Tutorial [ Only registered users can see links on this board! Get registered or login! ]

Posted: Sun Aug 29, 2004 5:47 pm

I opened my robots.txt and found this.

Disallow: /modules/

Isn't this blocking access to any and all modules?

Posted: Sun Aug 29, 2004 7:09 pm

It should. Unless the bot is just ignoring it, if that the case block that bots with Sentinel

Posted: Sun Aug 29, 2004 7:20 pm

Well, I don't want my forums and news and such being blocked. I wonder if since I have google tap running the rules change?

Posted: Sun Aug 29, 2004 7:46 pm

Check the user-agent see if it's listed as a Bad Bot (google search)

Posted: Sun Aug 29, 2004 8:50 pm

I must be a moron. I can't find what the user-agent is of these two ips.

I used that dnsstuff site and did a whois.

Posted: Sun Aug 29, 2004 9:28 pm

The user-agent is from the person's browser, not any dns info Wink

Posted: Sun Aug 29, 2004 9:29 pm

How do I find that information. (am I digging a hole to big to get out of?) Laughing

Posted: Sun Aug 29, 2004 10:19 pm

If you didn't capture it when he visited your site you missed it.

Posted: Sun Aug 29, 2004 10:23 pm

How do you get it when he is at the site?

Posted: Sun Aug 29, 2004 10:32 pm

Look up the IP address in your Access Logs.... Wink

Posted: Sun Aug 29, 2004 10:34 pm

You guys are just teasing me arent you? Or am I sleep deprived? I can use ip tracker to get any ip I want. Once I have the ip how do I get the user-agent?

Posted: Sun Aug 29, 2004 10:36 pm

I'm telling you that you have to trap it at the same time as it is browser specific, not IP specific. Your application that traps the IP has to trap it.

Posted: Sun Aug 29, 2004 10:37 pm

It will look something like this

Quote:

xx.xx.51.210 - - [10/May/2004:00:42:47 -0700] "GET /robots.txt HTTP/1.1" 200 3636 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MSIECrawler)"

Posted: Sun Aug 29, 2004 10:39 pm

So user-agent is just what application someone uses to browse the internet.

And user-agent in robots.txt is some code written into the robot that says what it's agent is.

Posted: Sun Aug 29, 2004 10:39 pm

ACCESS LOGS PLEASE!!! LOL!!

Posted: Sun Aug 29, 2004 10:42 pm

Yes and Yes and Yes to access logs, maybe. Can't remember if I track that.