What does it want from us?

Sunday, October 30 2005 @ 21:43 CET

Contributed by: Dirk

This one really has me scratching my head. For several months now, we have been seeing pairs of requests like these:

67.19.56.164 - - [14/Aug/2005:09:31:50 -0400] "GET /robots.txt HTTP/1.1" 206 851 "-" "Mozilla 4.0 (MSIE 5.0 compatible);"
67.19.56.164 - - [14/Aug/2005:09:31:52 -0400] "GET /forum/viewtopic.php?forum=1&showtopic=47410 HTTP/1.1" 200 73334 "-" "Mozilla 4.0 (MSIE 5.0 compatible);"

Some sort of bot, obviously. While it's nice of it to check the robots.txt, it gives no indication of its name or purpose. Also note the 206 status code for the robots.txt - it only downloaded a part of the file (the first 851 bytes).

Things get stranger from there on. It first visited us on August 14th, then August 22nd, then September 2nd. The exact same two requests as above on those three days. From September 3rd on, it visits us several times a day. And it always requests the same four URLs, plus the robots.txt.

Bad Behavior already blocked the September 2nd request and I started blocking it in our .htaccess a few days later, but it keeps on coming back for those URLs every day.

So where is it coming from?

The IP address, 67.19.56.164, belongs to Schlund + Partner, one of Germany's biggest hosting services, but that particular server seems to be located in the US. Or maybe not, since a name lookup for that IP address returns serv4.hostings.pl as the name. Poland?

whois.webhosting.info isn't helping here either. According to them, this IP address only hosts one site (directadmedia.com), but that site is actually on a completely different server.

Simply typing the IP address in the browser's address bar takes us to a seemingly unrelated site, sportone.com. serv4.hostings.pl takes us to a cPanel default screen.

My guess is that 67.19.56.164 is a virtual server, hosting several domains, of which sportone.com just happens to be the default. Some other customer on that server must be running that strange bot, but for which reason I just can't figure out.

I'm giving it a 410 now, maybe that'll stop it.
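
An added example, not code from the original post: a small Python check over an Apache access log for the pattern described above, a client that fetches robots.txt and then returns on several days for the same few URLs. The function name, the thresholds, and every log line other than the two quoted in the post are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format, the format of the lines quoted in the post.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
UA = "Mozilla 4.0 (MSIE 5.0 compatible);"
# The two 14/Aug lines are from the post; every other line is constructed.
SAMPLE_LOG = f'''\
67.19.56.164 - - [14/Aug/2005:09:31:50 -0400] "GET /robots.txt HTTP/1.1" 206 851 "-" "{UA}"
67.19.56.164 - - [14/Aug/2005:09:31:52 -0400] "GET /forum/viewtopic.php?forum=1&showtopic=47410 HTTP/1.1" 200 73334 "-" "{UA}"
67.19.56.164 - - [22/Aug/2005:10:02:11 -0400] "GET /robots.txt HTTP/1.1" 206 851 "-" "{UA}"
67.19.56.164 - - [22/Aug/2005:10:02:13 -0400] "GET /forum/viewtopic.php?forum=1&showtopic=47410 HTTP/1.1" 200 73334 "-" "{UA}"
67.19.56.164 - - [02/Sep/2005:08:47:30 -0400] "GET /robots.txt HTTP/1.1" 206 851 "-" "{UA}"
67.19.56.164 - - [02/Sep/2005:08:47:32 -0400] "GET /forum/viewtopic.php?forum=1&showtopic=47410 HTTP/1.1" 403 312 "-" "{UA}"
192.0.2.10 - - [14/Aug/2005:11:00:01 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux) Firefox/1.0.6"
192.0.2.10 - - [22/Aug/2005:11:05:44 -0400] "GET /article.php/example HTTP/1.1" 200 8841 "-" "Mozilla/5.0 (X11; Linux) Firefox/1.0.6"
192.0.2.10 - - [02/Sep/2005:12:15:09 -0400] "GET /forum/index.php HTTP/1.1" 200 9912 "-" "Mozilla/5.0 (X11; Linux) Firefox/1.0.6"
'''

def find_repeat_fetchers(log_text, min_days=3, max_urls=4):
    """Flag clients that return on several days for the same few URLs."""
    clients = defaultdict(lambda: {"days": defaultdict(set), "robots": 0, "partial": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        c = clients[(m["ip"], m["ua"])]
        if m["path"] == "/robots.txt":
            c["robots"] += 1
            c["partial"] += m["status"] == "206"  # 206 = only part of the file was sent
        else:
            day = m["ts"].split(":", 1)[0]  # date part as logged, e.g. "14/Aug/2005"
            c["days"][day].add(m["path"])
    hits = []
    for (ip, ua), c in sorted(clients.items()):
        if len(c["days"]) < min_days:
            continue
        every_day = set.intersection(*c["days"].values())  # URLs fetched on every visit day
        all_urls = set.union(*c["days"].values())
        if every_day and len(all_urls) <= max_urls:
            hits.append({"ip": ip, "ua": ua, "days": len(c["days"]), "urls": sorted(every_day),
                         "robots_fetches": c["robots"], "partial_robots": c["partial"]})
    return hits

if __name__ == "__main__":
    print(find_repeat_fetchers(SAMPLE_LOG))
```

The constructed visitor at 192.0.2.10 also appears on three days but requests a different page each time, so it is not flagged.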

Damn Spam!
http://spam.tinyweb.net/article.php/what-does-it-want-from-us