A customer whose site I maintain rang this morning saying his website traffic had suddenly increased to getting about 20 times as many hits as usual in the last few days, and asked if this was something to worry about.
I'm not very knowledgeable about this side of things but found his access files where the ip address '' came up a lot. This wasn't present in week old access files. I googled the address and it came up in a page about bots versus browsers.
Can anyone shed any light on all this, please? The full line in the access log reads: - - [27/Jul/2009:00:01:26 +0200] "GET / HTTP/1.1" 200 12469 www.sitename.co.uk "-" "MSNPTC/1.0 (compatible; MSIE 6.0; Windows NT 5.2; MyIE2; .NET CLR 1.1.4322; .NET CLR 1.0.3705)" "-"

Recommended Answers

All 6 Replies

Try adding the IP address to the blocklist in your server/cpanel and see if traffic drops.

It looks like someone may be trying to DoS the website (random attack) to make the server go down, if you have unlimited bandwidth and it is not slowing the site down then you do not need to worry but as thefandango suggested it may be an idea to add the IP to the blocklist

07/28/09 00:40:11 IP block
Trying at ARIN
Trying 207.46.119 at ARIN

OrgName: Microsoft Corp
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: -
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
RegDate: 1997-03-31
Updated: 2004-12-09

RTechHandle: ZM39-ARIN
RTechName: Microsoft
RTechPhone: +1-425-882-8080
RTechEmail: noc@microsoft.com

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@msn.com

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@msn.com

OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: noc@microsoft.com

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com

# ARIN WHOIS database, last updated 2009-07-27 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
Microsoft hotmail servers:
someone has posted a link to your site in an email the went to an imap folder. when the mail is viewed and imap refreshes (sometimes as small as 1second depending on settings) the link reloads the page.

some think that refreshing the mail folder causes mail to be received faster, but being able to refresh the folder at ridiculous intervals is not efficient
it will be a temporary spike until the mail user no longer uses that link to access the site

A cracker may be trying to overload the site to exploit vulnerability.

I don't know if this is related but, once several Google bots were constantly ambushing my site and were the cause of it going down.

Do you guys think that could be a possible cause. All we had to do was add a meta tag to stop the bots

Stop the bots, and you are no longer indexed on search engines.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.