While investigating errors in my php_errors log file yesterday I stumbled across someone leaching data from one of our sites. I blocked him with a .htaccess entry but by the time I left work yesterday they hadn’t noticed that their application wasn’t working.
I came into work this morning and saw that the requests had stopped. Good! Then I grepped for libwww-perl and was disappointed to see requests going to our main server for the same data. A .htaccess file stopped that too but it’s tiresome.
I should check referers but that’s not guaranteed to work and that method actually bit us hard a few years back when a partner couldn’t access data from their site.
Are there any apps out there for detecting this sort of thing from the log files? I’m guessing that a statistical analysis of the logs would show up lots of the same or similar requests over a short period and/or repeated on a regular basis.
Anyway, thank you 18.104.22.168 for adding one more job to my list of things to do. I’ve already mailed abuse at your ISP. They may be in touch soon.
You might also like