Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 667
  • Last Modified:

Determining Bots from IP addresses

I have a load of ad traffic that is coming from suspected bots.  I do not use Google - this is via our own adserver.

I have 35,000 ad requestes of which 32,000 have come from just 14 IP addresses.  This leads me to suspect that it is bot traffic, however I wanted to try and find a test to prove this.

I have the following IP addresses:
86.138.33.163
81.152.90.196
2.100.248.214
90.244.38.87
82.39.117.105
86.29.101.167
86.149.231.103
2.221.46.25
82.26.240.24
213.249.135.36
86.129.5.190
81.106.59.5
81.133.58.48
94.0.128.74
89.241.88.120
86.135.209.252
2.219.38.165

Which I can determine their origin:


IP      Domain      Location
86.138.33.163      host86-138-33-163.range86-138.btcentralplus.com      United Kingdom flag United Kingdom
81.152.90.196      host81-152-90-196.range81-152.btcentralplus.com      United Kingdom flag United Kingdom, Y9, Porth
2.100.248.214      host-2-100-248-214.as13285.net      United Kingdom flag United Kingdom, J8, Nottingham
90.244.38.87      user-5af42657.broadband.tesco.net      United Kingdom flag United Kingdom, H9, London
82.39.117.105      cpc15-sgyl30-2-0-cust360.18-2.cable.virginm.net      United Kingdom flag United Kingdom, U8, Edinburgh
86.29.101.167      client-86-29-101-167.glfd.adsl.virginm.net      United Kingdom flag United Kingdom
86.149.231.103      host86-149-231-103.range86-149.btcentralplus.com      United Kingdom flag United Kingdom
2.221.46.25      02dd2e19.bb.sky.com      United Kingdom flag United Kingdom, L9, Sheffield
82.26.240.24      cpc3-basf8-2-0-cust23.12-3.cable.virginm.net      United Kingdom flag United Kingdom, J8, Nottingham
213.249.135.36      gateway.howden.press.net      United Kingdom flag United Kingdom, E1, Howden
86.129.5.190      host86-129-5-190.range86-129.btcentralplus.com      United Kingdom flag United Kingdom, H9, London
81.106.59.5      cpc9-ely05-2-0-cust4.5-1.cable.virginm.net      United Kingdom flag United Kingdom, X5, Cardiff
81.133.58.48      host81-133-58-48.in-addr.btopenworld.com      United Kingdom flag United Kingdom, H9, London
94.0.128.74      5e00804a.bb.sky.com      United Kingdom flag United Kingdom, U8, Edinburgh
89.241.88.120      host-89-241-88-120.as13285.net      United Kingdom flag United Kingdom, H3, Leeds
86.135.209.252      host86-135-209-252.range86-135.btcentralplus.com      United Kingdom flag United Kingdom, H9, London
2.219.38.165      02db26a5.bb.sky.com      United Kingdom flag United Kingdom, L2, Rochdale

Like I said I wanted to see if I can test if they are infected IPs.

A couple of thoughts.  Could I ping these IPs and analyse what comes back, i.e. bot traffic appears and disappears very quickly, so can I capture that?

Lost here, but any help - and please don't suggest Google analytics.

many thanks
0
eezar21
Asked:
eezar21
2 Solutions
 
GaryCommented:
Since these all seem to be home IP addresses there is not much you can do.
Is it possible someone is downloading your entire site (scraping)? Though that there is 14 IP's makes this less obvious to detect, maybe they are changing the IP, see below

You could block the IP but this is no guarantee as their IP may change when they turn off/on the router

Whether it is a scraper or bad bot you could create an honeypot for them to follow.
http://www.techjunkie.com/preventing-site-scraping/
Couldn't find a better example online, but the basics are there.
0
 
DavidCommented:
No virus writer is going to be stupid enough to configure a system to respond to ICMP echo (ping) requests.

Also you are assuming that all traffic is TCP, you probably also have UDP type traffic.

Just forget tracing, the IP numbers you see aren't going to be the correct destinations.
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now