Wednesday, February 12, 2020

IP address 136.243.212.93 scanning website.

I noticed in my logs today a lot of activity from the IP address 136.243.212.93. A check of the internet just gave me reports of spam, but I couldn't help feeling I should dig a little deeper.

First I checked the IP address 136.243.212.93. This IP address is based in Germany.

Next I checked my website logs to find the User Agent String. A bot scanner will let you know more about itself by providing information in the User Agent String. The User Agent String is also used by browser software to let a site know which browser the person is using. If the User Agent String is faked or disguised, it may or may not be malicious. A reason you may disguise the User Agent String is if you write a bot to collect information but the site only allows browsers. For example, you may wish to automate a process that accesses web pages, but the site stops you unless you provide a browser User Agent String. Depending on your point of view, you're still doing something the site doesn't want you to do, so it could be considered inappropriate.

In this case my logs for the IP address showed the following User Agent String.

serpstatbot/1.0 (advanced backlink tracking bot; curl/7.58.0; http://serpstatbot.com/; abuse@serpstatbot.com)

Whilst I may not be entirely pleased my site's being scanned, at least this bot lets me know everything I need to know, including where I can find out more information about the bot and its purpose.

At this point I can decide whether to do nothing, block the bot using an entry in the robots.txt file, or block the IP address. In this case I decided that I could reduce unproductive traffic by blocking the IP address. I could have just as easily done nothing and let the bot scan my site/s. A considerable percentage of web traffic really is just automated bots and this is just another one.
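The log check described above can be scripted. The following is an added example, not code from the original post: it counts requests per IP address and pulls the self-declared details out of the most common User Agent String. It assumes the server writes the combined log format; the log lines, the second client (203.0.113.7) and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
URL_RE = re.compile(r'https?://[^\s;)]+')
MAIL_RE = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')

BOT_UA = ("serpstatbot/1.0 (advanced backlink tracking bot; curl/7.58.0; "
          "http://serpstatbot.com/; abuse@serpstatbot.com)")
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"

# Constructed sample log: timestamps, paths, sizes and the second client are made up.
SAMPLE_LOG = "\n".join([
    f'136.243.212.93 - - [12/Feb/2020:09:14:01 +1100] "GET / HTTP/1.1" 200 5120 "-" "{BOT_UA}"',
    f'203.0.113.7 - - [12/Feb/2020:09:14:05 +1100] "GET /about HTTP/1.1" 200 2048 "-" "{BROWSER_UA}"',
    f'136.243.212.93 - - [12/Feb/2020:09:14:09 +1100] "GET /contact HTTP/1.1" 200 1900 "-" "{BOT_UA}"',
    'truncated line that is not in combined format',
    f'136.243.212.93 - - [12/Feb/2020:09:14:17 +1100] "GET /missing HTTP/1.1" 404 310 "-" "{BOT_UA}"',
])


def top_talkers(log_text):
    """Return [(ip, hits, most_common_user_agent)], busiest client first."""
    agents = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:  # lines that do not parse are skipped, not guessed at
            agents[m["ip"]][m["ua"]] += 1
    rows = [(ip, sum(c.values()), c.most_common(1)[0][0]) for ip, c in agents.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)


def describe_agent(ua):
    """Extract what the client claims about itself; the string can be faked."""
    name, _, version = ua.split(" ", 1)[0].partition("/")
    url, mail = URL_RE.search(ua), MAIL_RE.search(ua)
    return {
        "name": name,
        "version": version,
        "info_url": url.group(0) if url else None,
        "contact": mail.group(0) if mail else None,
        "self_identified": bool(url or mail),
    }


if __name__ == "__main__":
    for ip, hits, ua in top_talkers(SAMPLE_LOG):
        print(ip, hits, describe_agent(ua))
```

A client that reports no URL or contact address is not necessarily hostile; it simply gives you less to go on when deciding between robots.txt and an IP block.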

It should also be kept in mind that companies often use scanners to get their information into site logs. Then when people check out where the traffic is coming from, they've advertised their company to another person at relatively low cost. The ones I'm concerned about are the IP addresses that, if you went to them directly, end up being malicious and could damage your computer. It's a good idea not to visit unknown IP addresses without using a tool to check the address out first.

Kelvin Eldridge
IT support.
www.OnlineConnections.com.au