I also checked out bc2.region5.ang.af.mil. Their DNS wasn't screwed up, but why is Bentwaters Royal Air Force Base a top ten web site by usage?
With the IP from www.dnsstuff.com I can scan my log and get:
132.13.10.26 - - [01/Jan/2007:05:22:29 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [01/Jan/2007:05:30:00 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [01/Jan/2007:10:51:20 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [01/Jan/2007:10:58:49 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [01/Jan/2007:16:20:12 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [01/Jan/2007:16:27:38 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [01/Jan/2007:21:47:03 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [01/Jan/2007:21:54:27 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [02/Jan/2007:03:15:55 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [02/Jan/2007:03:23:16 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [02/Jan/2007:08:42:46 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [02/Jan/2007:08:50:05 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [02/Jan/2007:14:11:38 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [02/Jan/2007:14:18:55 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
132.13.10.26 - - [02/Jan/2007:19:38:30 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/3.01 (compatible;)"
132.13.10.26 - - [02/Jan/2007:19:45:44 -0800] "GET /activities/activity_8.html HTTP/1.1" 200 22263 "-" "Mozilla/4.0 (compatible;)"
What's up with this?
It goes on day after day getting the same page. Must be some kind of web robot. It's not a browser, or there would be image and css files downloading too. Total waste of bandwidth, so I'm going to ban them in our firewall.
I suspect I'm wasting a lot of time for very little payback here. In fact, our hosting plan has unlimited bandwidth, BUT it's only a 1.5mbps line, and in 2005 we were at capacity for a couple of weeks. I think that was due to some large PDFs that were being downloaded fairly often at that time. But bandwidth is finite, and it would cost me to get a fatter pipe.
I think once I get more familiar with this sort of thing I'll just check exceptions and monitor things on a regular but not every day basis. My next target is probably going to be hot linking. I haven't worried too much about this, it's a low bandwidth activity. BUT, in my casual checking I have noticed a couple of sites are stealing our text content AND hot-linking back to our images. I'll have to do something about that.
