
Determining Bots from IP addresses

Posted on 2013-11-04
Last Modified: 2016-02-24
I have a load of ad traffic that is coming from suspected bots.  I do not use Google - this is via our own adserver.

I have 35,000 ad requests of which 32,000 have come from just 14 IP addresses.  This leads me to suspect that it is bot traffic, however I wanted to try and find a test to prove this.

I have the following IP addresses:

Which I can determine their origin:


IP      Domain      Location
86.138.33.163      host86-138-33-163.range86-138.btcentralplus.com      United Kingdom
81.152.90.196      host81-152-90-196.range81-152.btcentralplus.com      United Kingdom, Y9, Porth
2.100.248.214      host-2-100-248-214.as13285.net      United Kingdom, J8, Nottingham
90.244.38.87      user-5af42657.broadband.tesco.net      United Kingdom, H9, London
82.39.117.105      cpc15-sgyl30-2-0-cust360.18-2.cable.virginm.net      United Kingdom, U8, Edinburgh
86.29.101.167      client-86-29-101-167.glfd.adsl.virginm.net      United Kingdom
86.149.231.103      host86-149-231-103.range86-149.btcentralplus.com      United Kingdom
2.221.46.25      02dd2e19.bb.sky.com      United Kingdom, L9, Sheffield
82.26.240.24      cpc3-basf8-2-0-cust23.12-3.cable.virginm.net      United Kingdom, J8, Nottingham
213.249.135.36      gateway.howden.press.net      United Kingdom, E1, Howden
86.129.5.190      host86-129-5-190.range86-129.btcentralplus.com      United Kingdom, H9, London
81.106.59.5      cpc9-ely05-2-0-cust4.5-1.cable.virginm.net      United Kingdom, X5, Cardiff
81.133.58.48      host81-133-58-48.in-addr.btopenworld.com      United Kingdom, H9, London
94.0.128.74      5e00804a.bb.sky.com      United Kingdom, U8, Edinburgh
89.241.88.120      host-89-241-88-120.as13285.net      United Kingdom, H3, Leeds
86.135.209.252      host86-135-209-252.range86-135.btcentralplus.com      United Kingdom, H9, London
2.219.38.165      02db26a5.bb.sky.com      United Kingdom, L2, Rochdale

Like I said I wanted to see if I can test if they are infected IPs.

A couple of thoughts.  Could I ping these IPs and analyse what comes back, i.e. bot traffic appears and disappears very quickly, so can I capture that?

Lost here, but any help - and please don't suggest Google analytics.

many thanks
Question by:eezar21
2 Comments
 
Accepted Solution

by:
Gary earned 1050 total points
ID: 39623043
Since these all seem to be home IP addresses there is not much you can do.
Is it possible someone is downloading your entire site (scraping)? Though the fact that there are 14 IPs makes this less obvious to detect; maybe they are changing the IP, see below.

You could block the IP, but this is no guarantee, as their IP may change when they turn the router off and on.

Whether it is a scraper or a bad bot, you could create a honeypot for them to follow.
http://www.techjunkie.com/preventing-site-scraping/
Couldn't find a better example online, but the basics are there.
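
The checks discussed in this thread (how concentrated the requests are per IP, and whether a client follows a honeypot link), as an added example that is not part of the original posts: it scores clients from ad-server access logs. The log format, the `/trap/offers` path and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

TRAP_PATH = "/trap/offers"  # hypothetical hidden link, also disallowed in robots.txt
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)')

def _line(ip, hms, path):
    return f'{ip} - - [04/Nov/2013:{hms} +0000] "GET {path} HTTP/1.1" 200 512'

# Constructed sample in Common Log Format, using documentation-range addresses.
SAMPLE_LOG = [_line(*row) for row in [
    ("203.0.113.7", "10:00:00", "/ad?slot=1"), ("203.0.113.7", "10:00:00", "/ad?slot=2"),
    ("203.0.113.7", "10:00:00", "/ad?slot=3"), ("203.0.113.7", "10:00:01", "/ad?slot=1"),
    ("203.0.113.7", "10:00:01", "/ad?slot=2"), ("203.0.113.7", "10:00:01", "/ad?slot=3"),
    ("198.51.100.20", "10:00:05", "/ad?slot=1"), ("198.51.100.20", "10:01:50", "/ad?slot=2"),
    ("198.51.100.20", "10:03:40", "/ad?slot=1"), ("192.0.2.33", "10:02:00", "/trap/offers"),
]]

def score_clients(lines, min_share=0.5, max_rate=1.0):
    """Return {ip: [reasons]} for clients whose requests look automated."""
    hits, times, trapped = Counter(), defaultdict(list), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip = m["ip"]
        hits[ip] += 1
        times[ip].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
        if m["path"].split("?")[0] == TRAP_PATH:
            trapped.add(ip)  # no human-visible link leads here
    total = sum(hits.values())
    report = {}
    for ip, n in hits.items():
        span = (max(times[ip]) - min(times[ip])).total_seconds()
        reasons = []
        if ip in trapped:
            reasons.append("honeypot")
        if n / total >= min_share:  # one address dominating the traffic
            reasons.append("share")
        if n >= 3 and n / max(span, 1.0) > max_rate:  # faster than a person clicks
            reasons.append("rate")
        if reasons:
            report[ip] = reasons
    return report

if __name__ == "__main__":
    for ip, why in score_clients(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```

A high share alone can also come from many users behind one NAT address, so the honeypot hit is the stronger signal of the three.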
Assisted Solution

by:David
David earned 450 total points
ID: 39623155
No virus writer is going to be stupid enough to configure a system to respond to ICMP echo (ping) requests.

Also, you are assuming that all traffic is TCP; you probably also have UDP-type traffic.

Just forget tracing; the IP numbers you see aren't going to be the correct destinations.