« Just what is tm.net.my anyway? | Main | Hotlink investigation »

What's up at Bentwaters Royal Air Force Base?

I also checked out bc2.region5.ang.af.mil. Their DNS wasn't screwed up, but why is Bentwaters Royal Air Force Base a top ten web site by usage?

With the IP from www.dnsstuff.com I can scan my log and get:

132.13.10.26 - - [01/Jan/2007:05:22:29 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [01/Jan/2007:05:30:00 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [01/Jan/2007:10:51:20 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [01/Jan/2007:10:58:49 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [01/Jan/2007:16:20:12 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [01/Jan/2007:16:27:38 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [01/Jan/2007:21:47:03 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [01/Jan/2007:21:54:27 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [02/Jan/2007:03:15:55 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [02/Jan/2007:03:23:16 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [02/Jan/2007:08:42:46 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [02/Jan/2007:08:50:05 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [02/Jan/2007:14:11:38 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [02/Jan/2007:14:18:55 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [02/Jan/2007:19:38:30 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [02/Jan/2007:19:45:44 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"

What's up with this?

It goes on day after day getting the same page. Must be some kind of web robot. It's not a browser, or there would be image and css files downloading too. Total waste of bandwidth, so I'm going to ban them in our firewall.

I suspect I'm wasting a lot of time for very little payback here. In fact, our hosting plan has unlimited bandwidth, BUT it's only a 1.5mbps line, and in 2005 we were at capacity for a couple of weeks. I think that was due to some large PDFs that were being downloaded fairly often at that time. But bandwidth is finite, and it would cost me to get a fatter pipe.

I think once I get more familiar with this sort of thing I'll just check exceptions and monitor things on a regular but not every day basis. My next target is probably going to be hot linking. I haven't worried too much about this, it's a low bandwidth activity. BUT, in my casual checking I have noticed a couple of sites are stealing our text content AND hot-linking back to our images. I'll have to do something about that.


© 2016 Mike Silversides

About

This page contains a single entry from the blog posted on January 4, 2007 8:43 AM.

The previous post in this blog was Just what is tm.net.my anyway?.

The next post in this blog is Hotlink investigation.

Many more can be found on the main index page or by looking through the archives.