Many requests in my logs to the same obscure page from Opera Mini. What can be the explanation?
I checked my site's logs and I found 20 thousand requests on the same day all to an obscure page of my site. The IP address of the requests belongs to Opera Mini.
Can someone explain this?
I would be less surprised if the requests were spread out through the site, because then it could be regular Opera Mini traffic by users. But why 20 thousand requests to a completely uninteresting page on my site?
And there is no sign of this in Analytics, so it's not regular traffic, because JavaScript is not run, so I don't see the traffic spike in Analytics.
More posts by @Goswami781
1 Comments
I have hundreds of sub-domains of opera-mini.net. Too many to count! I did a quick review of about 20 of them and I see two things:
1] Rogue Spider: A spider or bot that disobeys or ignores the robots.txt file.
2] Stealth Spider: A spider or bot that tries to fly under the site owner's radar when analyzing their log file.
It is likely that this is a scraper bot that you will want to block.
I have provided some block code to try and help. I am familiar with Apache. If I have made any mistakes, please let me know. You can block by host name, IP address or IP address block. In this case, I suggest blocking by IP address block.
IP: 82.145.208.160
Host: z27-11.opera-mini.net
ASN: AS39832 - Opera Software ASA
IP Address Range:
82.145.208.0 - 82.145.223.255
NetMask:
Block: 82.145.208.0/20
Base Address: 82.145.208.0
Broadcast Address: 82.145.223.255
Net Mask: 255.255.240.0
Host Mask: 0.0.15.255
Bits: 20
Size: 4096
2nd Element: 82.145.208.2
Block by Host
Using Apache .htaccess.
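RewriteEngine On
# REMOTE_HOST is the client's reverse-DNS name (needs HostnameLookups enabled); HTTP_HOST would be this site's own Host header
RewriteCond %{REMOTE_HOST} ^z27-11\.opera-mini\.net$ [NC]
RewriteRule .* - [F,L]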
Using Microsoft IIS Web Server
<rule name="abort domain name z27-11.opera-mini.net" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_HOST}" pattern="^z27-11\.opera-mini\.net$" />
</conditions>
<action type="AbortRequest" />
</rule>
Block by IP Address
Apache .htaccess File
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^82\.145\.208\.160$ [NC]
RewriteRule .* - [F,L]
Cisco Firewall
access-list deny-82-145-208-160-32 deny ip 82.145.208.160 any
permit ip any any
Nginx
Edit nginx.conf and insert include blockips.conf; if it does not exist. Edit blockips.conf and add the following:
deny 82.145.208.160;
Microsoft IIS Web Server
<rule name="abort ip address 82.145.208.160/32" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^82\.145\.208\.160$" />
</conditions>
<action type="AbortRequest" />
</rule>
Windows netsh ADVFirewall Firewall
netsh advfirewall firewall add rule name="block-ip-82-145-208-160-32" dir=in interface=any action=block remoteip=82.145.208.160/32
Block by IP Address Block
Apache .htaccess File
RewriteEngine On
# Third octet 208-223 covers 82.145.208.0 - 82.145.223.255
RewriteCond %{REMOTE_ADDR} ^82\.145\.(20[89]|21[0-9]|22[0-3])\.[0-9]+$ [NC]
RewriteRule .* - [F,L]
Cisco Firewall
access-list deny-82-145-208-0-20 deny ip 82.145.208.0 0.0.15.255 any
permit ip any any
Nginx
Edit nginx.conf and insert include blockips.conf; if it does not exist. Edit blockips.conf and add the following:
deny 82.145.208.0/20;
How to block by IP address block using Linux IPTables Firewall.
Note: Use with caution.
/sbin/iptables -A INPUT -s 82.145.208.0/20 -j DROP
Microsoft IIS Web Server
<rule name="abort ip address block 82.145.208.0/20" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^82\.145\.(20[89]|21[0-9]|22[0-3])\.[0-9]+$" />
</conditions>
<action type="AbortRequest" />
</rule>
Windows netsh ADVFirewall Firewall
netsh advfirewall firewall add rule name="block-ip-block-82-145-208-0-20" dir=in interface=any action=block remoteip=82.145.208.0/20
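A way to confirm the pattern described in the question before blocking, as an added example that is not part of the original post: it counts requests per path and distinct client IPs for hits coming from the 82.145.208.0/20 range given in the answer. The combined log format, the sample lines and the path /obscure-page are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Range taken from the answer above.
OPERA_MINI_NET = ipaddress.ip_network("82.145.208.0/20")

# Common/combined log format: ip ident user [time] "METHOD path proto" status ...
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3} ')

# Constructed sample lines (not the poster's logs); /obscure-page is hypothetical.
SAMPLE_LOG = """\
82.145.208.160 - - [10/Mar/2024:10:00:01 +0000] "GET /obscure-page HTTP/1.1" 200 5120 "-" "Opera/9.80 (constructed)"
82.145.209.17 - - [10/Mar/2024:10:00:01 +0000] "GET /obscure-page HTTP/1.1" 200 5120 "-" "Opera/9.80 (constructed)"
82.145.223.255 - - [10/Mar/2024:10:00:02 +0000] "GET /obscure-page HTTP/1.1" 200 5120 "-" "Opera/9.80 (constructed)"
82.145.224.1 - - [10/Mar/2024:10:00:02 +0000] "GET /obscure-page HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (constructed)"
203.0.113.9 - - [10/Mar/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (constructed)"
82.145.210.4 - - [10/Mar/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Opera/9.80 (constructed)"
not a log line
"""

def summarize(lines, network=OPERA_MINI_NET):
    """Count requests per path and collect distinct client IPs inside `network`."""
    paths, clients, skipped = Counter(), set(), 0
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            skipped += 1          # line does not look like an access-log entry
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:        # hostname or garbage in the client field
            skipped += 1
            continue
        if ip in network:         # 82.145.224.1 is just outside the /20
            paths[m["path"]] += 1
            clients.add(ip)
    return paths, clients, skipped

if __name__ == "__main__":
    paths, clients, skipped = summarize(SAMPLE_LOG.splitlines())
    for path, hits in paths.most_common(10):
        print(f"{hits:6d}  {path}")
    print(f"{len(clients)} distinct client IPs in {OPERA_MINI_NET}, {skipped} lines skipped")
```

To run it on a real log, pass an open file object to `summarize()` instead of the sample lines.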