So have you tracked the ipaddress through the normal log and worked out what the computer has been looking at ? If you follow it and look at the source yourself, you should then be able to track your own progress. If you use firebug in firefox, then there is a feature where it shows the requests each page makes, (install the add on, click the little bug, click Net, click "all" on the far left and then reload the page and it will show which request is made and whether the server found it), if you can't find any page referring to none and giving a 404 when you surf the exact same path as the ipaddress, then it's likely to be a probe by a hostile botnet looking for information on your server by bringing up a 404 not found page, that would list OS version, webserver version etc... So you have two candidates, either something in the templating system is wrong and "normal" users are bringing up a 404, or you are being probed, in which case then you can't really deny ip addresses as a botnet will have many varying computers and you would be unlucky to be on their list (there was a peak in botnet actvity last night at 5 am UK time). What you could do is add create a .htaccess file in that folder
Code:
ErrorDocument 404 "<html />
the last quote is missed out if you use apache 1.3 and works on 2.0+) that way you are still getting error messages but sending out minimal information and using less server resources just to a botnet (if it is one) it won't stop them but then nothing realistic will and at least you save the bandwidth. Setting up a 403 error message will just still provide the bot net with information, and redireting to your page_not_found would be a bad idea since then for each request you'd end up with 300 database queries multiplied by 350 requests !
Bookmarks