Original first post:
Checking logs this evening there is this unknown bot IP 62.219.8.239 that hit for 4000+ pages in like 15 minutes. Its from Israel which is rare/interesting. Judging by the other people leaving notes, it may be the fastest bot in the west, but probably some sorta ehhhhhhbot.
This isnt a good thing It may crash out your server if it hits when lots of people are on. It used 40 entry processes within 2 minutes from 1 IP. If your DB is not optimized, it will most likely make SQL "gone away" errors and whitepage real visitors. Since it offers nothing, giving ya'll a heads up to ban this thing.
Here is a sample of a 1 second range when it unleashed in the tarpit, it most likely spoofs user agents and/or runs like 20 spam platforms hah:
Code: Select all
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.68 Safari/537.36 Memory: 1MB Time: 0.32 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (compatible) Memory: 1MB Time: 0.39 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/6.0 (compatible) Memory: 1MB Time: 0.42 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Memory: 1MB Time: 0.44 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36 Memory: 1MB Time: 0.55 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0 Memory: 1MB Time: 0.39 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16 Memory: 1MB Time: 0.36 Sec
@Spam 09-10-2014 08:34:13 PM | Tarpit caught an IP 62.219.8.239 no proxy detected | www.example.com | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Memory: 1MB Time: 0.35 Sec
EDIT: Months later the same bot hit again. Same spoof user agents, same flood 82.80.249.168 and 82.80.249.153