Site getting false hits, and guest book spam

varmit

macrumors 68000
Original poster
Aug 5, 2003
1,830
0
I seem to keep getting redirects from a site diamon-jewelry.jal9.com. I setup a loging PHP script in my index page, and I get tons of these entries:
Time: 15:22 29th June
IP Address: 80.237.140.233
Referer: http://diamond-jewelry.jal9.com
Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
I am also getting my guest book spammed and I'm wondering if there is anything more that I can do to track this person down. I use the same scrip to log his IP, but it was a proxy server in mexico that he came thought. His info is
Time: 16:38 30th June
IP Address: 148.244.150.58
Referer:
Browser: Mozilla/4.0
The script I'm using at the moment is
PHP:
<?php
$address = $_SERVER['REMOTE_ADDR'];
$referer = $_SERVER['HTTP_REFERER'];
$browser = $_SERVER['HTTP_USER_AGENT'];

$file = fopen("sitelog.html", "a");
$time = date("H:i dS F");
fwrite($file, "<b>Time:</b> $time<br>");
fwrite($file, "<b>IP Address:</b> $address<br>");
fwrite($file, "<b>Referer:</b> $referer<br>");
fwrite($file, "<b>Browser:</b> $browser<hr>");
fclose($file);
?>
I'm wondering if there is anything I can do to get his full info through the proxy, or anything I can do legally to stop such things from happening.
 

varmit

macrumors 68000
Original poster
Aug 5, 2003
1,830
0
Yeah, its a Debian 3.1 (Sarge) server. Editing the HTACCESS file is good, but I'm still not even sure how this site is refering people, or if it is just pinging my site everyday.
 

superbovine

macrumors 68030
Nov 7, 2003
2,872
0
varmit said:
Yeah, its a Debian 3.1 (Sarge) server. Editing the HTACCESS file is good, but I'm still not even sure how this site is refering people, or if it is just pinging my site everyday.

it isn't. it is a bot. i get a lot from partypoker.com on my site. generally speaking, you can write a php/perl/etc script to troll websites and imprint whatever browser and referer you want. once you click, their logs will record where you click from and later when they parse the logs, the bot will continue you hit your server because the referer was your server of the since you followed the link. (if you follow my sig, you can see an example for a browser imprint in the php code)



the best thing to do, is to figure out the ip address or range of ip address. after that, add to your logging script an if statement that only puts and blank page and logs the activity of the site and referer in question. you could also redirect the bot to a different site like its own site. I also do this for bots that suck my bandwidth. the redirect idea, is to be used with caution, if you piss of the programmer he might decided to leech your bandwidth to death. also, it might help if you made you logging utility not produce a clickable from those sites to keep you from follow the link.