Snorkasaurus

Hey Doug,

Here’s a pastebin of my traffic since noon today.

http://pastebin.ca/2456446

I should note that this Apache access.log specifically excludes traffic from my browser and it excludes most common search engines (though you will see that Wayback and mail.ru bots are both there). Of the 283 entries since noon, 197 of them were to /?s= and 63 were to /?p=741, which means that 91.8% of my traffic in the last 6.5 hours has been these URLs. To get an idea of scale, my searchengine log file has only 8 entries in the same time period.

The reason I don’t think they are legitimate search engine bots is because the IP addresses that are hitting these URLs are hitting no other pages on my site. The /?p=741 URL is a legitimate post of mine though it is only one short paragraph and has two links (one of which is a dead local link, after having been relocated a long time ago).

Unfortunately I don’t think that BBQ will be effective in treating these requests since both URLs are valid (even if the /?s= request is redundant). I started compiling a list of IP’s which has since turned in to a list of the network segments they are part of, with the intention of perhaps blocking them at my firewall. I didn’t think this was going to be an issue, because they were all coming from IP ranges owned by VPS provider companies like webexxpurts.com and ovh.com – but I found one that is listed as att.net which sounds like it could contain actual customer IP’s.

I’m mildly concerned about it being a virus that other people might be infected with, but frankly if it is a virus then it appears to be mostly harmless (other than irritating traffic levels).

Any thoughts?

Thanks,
Snork.