Jump to content

  • Log In with Google      Sign In   
  • Create Account


Strange IP address hitting my website


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
6 replies to this topic

#1 rlink   Members   -  Reputation: 151

Like
0Likes
Like

Posted 05 February 2013 - 01:44 PM

I have a small sub-site in my website (a subdomain of a domain) that only I know about. It logs the IP addresses of all page requests. I'm getting requests from the IP 8.28.16.254 and I have no clue why. No one knows about this site and I'm absolutely sure it's not mine.

 

EDIT: This is the user agent -- Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

 

What could it be?


Edited by rlink, 05 February 2013 - 01:47 PM.


Sponsor:

#2 Zaoshi Kaba   Crossbones+   -  Reputation: 3881

Like
0Likes
Like

Posted 05 February 2013 - 02:06 PM

Maybe it's server itself?

Other than that, are you completely sure no one knows about it?



#3 Indifferent   Members   -  Reputation: 576

Like
0Likes
Like

Posted 05 February 2013 - 02:14 PM

It'd be of more interest to see the requests it's making. Wouldn't surprise me if it was scanning for known exploits.



#4 BeerNutts   Crossbones+   -  Reputation: 2715

Like
0Likes
Like

Posted 05 February 2013 - 02:24 PM

FWIW, reverse DNS shows this:

 

 

DNS records for nat-dc5.es.bluecoat.com Host Type Data TTL nat-dc5.es.bluecoat.com A 8.28.16.254 600
My Gamedev Journal: 2D Game Making, the Easy Way

---(Old Blog, still has good info): 2dGameMaking
-----
"No one ever posts on that message board; it's too crowded." - Yoga Berra (sorta)

#5 frob   Moderators   -  Reputation: 19633

Like
2Likes
Like

Posted 05 February 2013 - 04:54 PM

A few seconds of googling also shows the IP address is blacklisted by cbl.abuseat.org and xbl.spamhause.org.  

 

 

 

The company itself is a proxy/tunneling/caching company.  That means they likely discovered your web site address by using a cell phone or network proxy (perhaps through your work or your ISP).  


Check out my personal indie blog at bryanwagstaff.com.

#6 Megahertz   Members   -  Reputation: 285

Like
1Likes
Like

Posted 05 February 2013 - 09:44 PM

Brute force scanning is also likely as well.


-=[Megahertz]=-

#7 GWDev   Members   -  Reputation: 279

Like
0Likes
Like

Posted 06 February 2013 - 04:25 AM

It is also possible that some browser plugin reported that you accessed the domain. But in that case it would be more likely that you have a google or bing bot on your page and not some unknown bot/scanner/whatever.

 

You could simply exclude every IP but your own in the .htaccess if you need to be sure, you are the only one that can access the subdomain. (assuming your sever setup supports it)






Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS