1. Home
  2. Forums Index
  3. WebmasterWorld / Website Analytics - Tracking and Logging 10:46 am May 21, 2026

Forum Moderators: DixonJones

Message Too Old, No Replies

Strange log entries

trying to understand the log file

         

Hobbs

3:42 pm on Dec 1, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



For the life of me I can't make heads or tails of strange entries as shown below, the second one I block immediately, but I catch those frequently, 4 to 5 times a day from different sources all appearing to be dialup or DSL visitors.



1.2.3.4 - - [01/Dec/2007:09:11:33 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:11:39 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:11:41 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:13:49 -0500] "GET /somepage.html HTTP/1.1" 200 47170 "http://www.mysite.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:13:52 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:13:56 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:13:57 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:15:17 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:15:18 -0500] "GET /somepage2.html HTTP/1.1" 200 45486 "http://www.mysite.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:15:21 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:15:22 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:16:44 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:16:47 -0500] "GET /somepage3.html HTTP/1.1" 200 35164 "http://www.mysite.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:16:48 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:16:50 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:18:27 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:28:13 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:28:17 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:28:24 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:28:28 -0500] "GET / HTTP/1.1" 200 24984 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"
1.2.3.4 - - [01/Dec/2007:09:28:32 -0500] "GET /somepage4.html HTTP/1.1" 200 41323 "http://www.mysite.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)"

35 of the following per second! Till I block it


3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
3.4.5.6 - - [01/Dec/2007:07:14:34 -0500] "GET /SamePage.html HTTP/1.0" 200 11207 "http://www.google.com/search?&q=searchtermhere" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"

Hobbs

3:33 pm on Dec 2, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



In case the quote is not clear, here is what happens

1st case I see same IP doing a:

GET /
GET /
GET /
GET somepage
GET /
GET /
GET /
GET /
GET anotherpage ..

and so on

And case 2 it is:

GET someage appearing to come via a Google serps click

and it repeats tens of times per second, same exact request

anyone has any idea what is going on?

jdMorgan

4:51 pm on Dec 2, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It would be helpful to know what hostname the IP addresses resolve to -- Look up the IP addresses in ARIN, APNIC, RIPE, etc. and see if that gives you any ideas. If not, do a full reverse-DNS lookup using your favorite DNS lookup tool.

Otherwise, block them and be done with it. Life's too short. :)

Jim

Hobbs

6:06 pm on Dec 2, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Indeed life is too short,
If it was one IP or even a consistent 20 I would have blocked them a long time ago, but these are DSL and dial IPs different user agents from different countries with high daily frequency, it's more of a trend that an individual case that's why I thought maybe someone here knows what's going on.

Here is my initial thoughts:
The repeated Get / then a page then another could be some personal firewall or antivirus?

The 35-60 serps click per second could be a new way to affect my keyword position?

I have no idea, just throwing thoughts into the wind here.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Website Analytics - Tracking and Logging 10:46 am May 21, 2026