1 pmakulski Mar 16, 2006 01:37
OK. I'm new to this. I took a quick look around and didn't see any obvious answers, so I'll ask the question.
What the heck are they doing, and how can I stop them?
I keep my black list up to date; I remove spam referrals and spam comments.
I'm using version 0.9.0.12
I was noticing on my Direct Accesses page that I had one page that was being hit repeatedly. This page has no links or comments or tracebacks.
I looked in my cpanel Raw access logs and I found this:
217.206.228.67 - - [15/Mar/2006:18:54:53 -0500] "GET /index.php/2005/11/17/how_pessimistic_am_i HTTP/1.1" 403 - "http://pussyx.sultrys...
200.118.2.220 - - [15/Mar/2006:18:55:09 -0500] "GET /index.php/2005/11/17/how_pessimistic_am_i HTTP/1.1" 403 - "http://pussyx.sultryse...
200.118.2.220 - - [15/Mar/2006:18:58:20 -0500] "GET /index.php/2005/11/17/how_pessimistic_am_i HTTP/1.1" 403 - "http://www.freaz...
216.93.179.108 - - [15/Mar/2006:18:58:31 -0500] "GET /index.php/2005/11/17/how_pessimistic_am_i HTTP/1.1" 200 24366 "http://www.freaz...
200.118.2.220 - - [15/Mar/2006:18:58:39 -0500] "GET /index.php/2005/11/17/how_pessimistic_am_i HTTP/1.1" 403 - "http://totally.isgr...
207.253.115.202 - - [15/Mar/2006:18:58:50 -0500] "GET /index.php/2005/11/17/how_pessimistic_am_i HTTP/1.1" 200 24059 "http://totally.isgr...
200.118.2.220 - - [15/Mar/2006:19:03:25 -0500] "GET /index.php/2005/11/17/how_pessimistic_am_i HTTP/1.1" 403 - "http://really.isgr.../fat-teens/teenage/definition.html"...
All of the hits were coming from a very few ip addresses.
I added these ip addresses to the cpanel IP Deny Manager list.
But that didn't stop them.
I contacted my host tech support. They didn't seem concerned because it was only a small piece of my bandwidth, (But it is using several gigabytes per month and it concerns me. I want it to stop.
Can anybody tell me what this is and how it can be stopped?
I would suggest that you update to version 0.9.1 "Dawn" as a first step