Topic: Large number of HITS by 1 IP.

[api984]

SAMPLE: from log
Top 30 of 13277 Total Sites
# Hits Files KBytes Visits
1 57012 2.56% 57012 4.09% 1101503 7.43% 1 0.01%
-by a single IP

Top 19 of 85 Total URLs
# Hits KBytes URL
1 56861 99.74% 1101037 99.96% /

RAW Link:
"GET /index.php?lang=si&pid=611&oid=30310114146834751 HTTP/1.1" 200 20008
-this link ends up in log every 1-2 seconds
-as if its refreshing every second.

Top 1 of 1 Total User Agents
# Hits User Agent
1 57012 100.00% Mozilla/5.0 (Windows; U; Windows NT 5.1; sl; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2"

I get these high number of requests every day from random countrys and IPs.

Did anyone had this kind of situation.

[James Blond]

If it is just one url it can be an endless loop in a php script (header).

Others can be searching for a security leak or just a try of a DOS. There is nothing much you can do. If you have a router before your pc you could block it if there is a large number of requests in a time so it does not reaches your apache. Configure your firewall that from the internet are only needed ports are open.

[glsmith]

I was thinking old botnet C&C IP, but the weird thing is there is nothing on Google about it except for a tourist website in Croatia, that posted index.php?blahblah is an actual record at that website, so maybe someone is trying to DOS them and getting you ... or??

[api984]

No answer to that.
I will need so time to think about this in a little more detail.

However I doubt it's a PHP LOOP. I just take care of servers and read logs all the time.
-links are generated by a php class, this should affect whole site

DOS - maybe, if it is it should be a little more agressive than this
BOTs - bot should read multiple pages
AB - could be, but I did not check switches in AB

Nice thing to think about. I'll reply when I see more in detail.