Blocking path scanning
I'm seeing a number of very suspicious requests in my access log:
/i
/im
/imaa
/imag
/image
/images
/images/d
/images/di
/images/dis
They start from a known resource (in the above example /images/disrupt.jpg).
All coming from the same IP. Requests vary from 1/sec to 10/sec, which seems somewhat random.
It's obvious they are trying to find something, and it seems they are using a script.
How do I block this kind of behaviour? I thought of blocking the IP's requests, at least for a given time.
Keeping in mind that:
Request intervals seem legitimate (at least I think so).
I don't want to end up blocking a search engine bot, which may find 404 URLs too (and that's a different problem, I know). Do they always use the same IP?
Finally I found what was responsible: it was a JavaScript script that tried to load the resources in real time as somebody wrote an article.
As the user was typing the URL of an image, the script tried to load it even if the path was not complete, hence those 404 logs.
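A log check that separates the cause found above (404s that are partial prefixes of one real resource) from unrelated misses, as an added example that is not part of the original posts. The log format, IP addresses, thresholds and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Common/combined log format: client IP, request path, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})\b')

def _line(ip, path, status):
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 153'

# Constructed sample: the paths from the question, plus unrelated misses.
TYPED = ["/i", "/im", "/imaa", "/imag", "/image", "/images",
         "/images/d", "/images/di", "/images/dis"]
OTHER = ["/old/a", "/old/b", "/tmp/x", "/test/1", "/test/2"]
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", p, 404) for p in TYPED]
    + [_line("203.0.113.7", "/images/disrupt.jpg", 200)]
    + [_line("198.51.100.9", p, 404) for p in OTHER])

def classify_404_clients(log_text, min_hits=5, min_ratio=0.8):
    """Return {ip: (label, resource)} for clients with >= min_hits 404s."""
    served, misses = set(), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        if status == 404:
            misses[ip].append(path)
        elif 200 <= status < 400:
            served.add(path)  # a resource that really exists
    result = {}
    for ip, paths in misses.items():
        if len(paths) < min_hits:
            continue
        # Count 404 paths that are proper prefixes of a served resource.
        def hits(res):
            return sum(res.startswith(p) and p != res for p in paths)
        best = max(served, key=hits, default=None)
        ratio = hits(best) / len(paths) if best else 0.0
        # min_ratio < 1 tolerates typos such as "/imaa" in the question.
        if ratio >= min_ratio:
            result[ip] = ("partial-path", best)
        else:
            result[ip] = ("unexplained", None)
    return result

if __name__ == "__main__":
    for ip, verdict in classify_404_clients(SAMPLE_LOG).items():
        print(ip, verdict)
```

A "partial-path" verdict points at a client-side preview or autocomplete feature to fix rather than an IP to block; "unexplained" clients are the ones worth a closer look.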
Do they always use the same IP?
No, search engines can be expected to use a variety of IP addresses - but they do always use the same autonomous system (and all the major search engines have their own AS).
If you have the IP address, you can go to ARIN and use the "WHOIS Search" at the upper right-hand corner of the page to look up the autonomous system associated with the IP address.