Solved

Determining Bots from IP addresses

Posted on 2013-11-04
Last Modified: 2016-02-24
I have a load of ad traffic that is coming from suspected bots.  I do not use Google - this is via our own adserver.

I have 35,000 ad requests of which 32,000 have come from just 14 IP addresses.  This leads me to suspect that it is bot traffic, however I wanted to try and find a test to prove this.

I have the following IP addresses:

Which I can determine their origin:


IP      Domain      Location
86.138.33.163      host86-138-33-163.range86-138.btcentralplus.com      United Kingdom
81.152.90.196      host81-152-90-196.range81-152.btcentralplus.com      United Kingdom, Y9, Porth
2.100.248.214      host-2-100-248-214.as13285.net      United Kingdom, J8, Nottingham
90.244.38.87      user-5af42657.broadband.tesco.net      United Kingdom, H9, London
82.39.117.105      cpc15-sgyl30-2-0-cust360.18-2.cable.virginm.net      United Kingdom, U8, Edinburgh
86.29.101.167      client-86-29-101-167.glfd.adsl.virginm.net      United Kingdom
86.149.231.103      host86-149-231-103.range86-149.btcentralplus.com      United Kingdom
2.221.46.25      02dd2e19.bb.sky.com      United Kingdom, L9, Sheffield
82.26.240.24      cpc3-basf8-2-0-cust23.12-3.cable.virginm.net      United Kingdom, J8, Nottingham
213.249.135.36      gateway.howden.press.net      United Kingdom, E1, Howden
86.129.5.190      host86-129-5-190.range86-129.btcentralplus.com      United Kingdom, H9, London
81.106.59.5      cpc9-ely05-2-0-cust4.5-1.cable.virginm.net      United Kingdom, X5, Cardiff
81.133.58.48      host81-133-58-48.in-addr.btopenworld.com      United Kingdom, H9, London
94.0.128.74      5e00804a.bb.sky.com      United Kingdom, U8, Edinburgh
89.241.88.120      host-89-241-88-120.as13285.net      United Kingdom, H3, Leeds
86.135.209.252      host86-135-209-252.range86-135.btcentralplus.com      United Kingdom, H9, London
2.219.38.165      02db26a5.bb.sky.com      United Kingdom, L2, Rochdale

Like I said I wanted to see if I can test if they are infected IPs.

A couple of thoughts.  Could I ping these IPs and analyse what comes back, i.e. bot traffic appears and disappears very quickly, so can I capture that?

Lost here, but any help - and please don't suggest Google analytics.

many thanks
Question by:eezar21
2 Comments
 
Accepted Solution

by:
Gary earned 1050 total points
ID: 39623043
Since these all seem to be home IP addresses, there is not much you can do.
Is it possible someone is downloading your entire site (scraping)? Though the fact that there are 14 IPs makes this less obvious to detect; maybe they are changing the IP, see below.

You could block the IP, but this is no guarantee, as their IP may change when they turn off/on the router.

Whether it is a scraper or a bad bot, you could create a honeypot for them to follow.
http://www.techjunkie.com/preventing-site-scraping/
Couldn't find a better example online, but the basics are there.
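One way to turn the honeypot idea in the answer above, together with the per-IP request counts from the question, into a repeatable check over ad-server logs. This is an added example, not part of the original thread; the log format, the trap URL `/ads/trap.gif` and the thresholds are assumptions, and the sample lines are constructed using documentation-range IP addresses.

```python
import re
from collections import Counter, defaultdict

# Hypothetical honeypot URL: linked only from markup hidden to humans and
# disallowed in robots.txt, so a normal browser session never requests it.
TRAP_PATH = "/ads/trap.gif"
# Assumed log format: IP [timestamp] "GET url HTTP/x.y" status
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "GET (\S+) HTTP/[\d.]+" \d{3}$')

# Constructed sample log (not data from the thread).
SAMPLE_LOG = "\n".join(
    [f'203.0.113.10 [04/Nov/2013:10:00:0{1 + i // 3}] "GET /ads/serve?slot={i} HTTP/1.1" 200'
     for i in range(6)]
    + ['203.0.113.10 [04/Nov/2013:10:00:02] "GET /ads/trap.gif HTTP/1.1" 200',
       '198.51.100.7 [04/Nov/2013:10:03:15] "GET /ads/serve?slot=2 HTTP/1.1" 200',
       '192.0.2.44 [04/Nov/2013:10:07:41] "GET /ads/serve?slot=1 HTTP/1.1" 200',
       '198.51.100.9 [04/Nov/2013:10:09:02] "GET /ads/serve?slot=1 HTTP/1.1" 200',
       '198.51.100.9 [04/Nov/2013:10:21:30] "GET /ads/serve?slot=3 HTTP/1.1" 200',
       'truncated line that does not parse'])

def analyse(log_text, share_threshold=0.25, burst_threshold=3):
    # Collect three independent signals per IP: trap hit, share, one-second burst.
    hits, per_second, trapped = Counter(), defaultdict(Counter), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed lines instead of aborting the run
        ip, ts, url = m.groups()
        if url.split("?", 1)[0] == TRAP_PATH:
            trapped.add(ip)
            continue  # trap hits are not ad requests, keep them out of the totals
        hits[ip] += 1
        per_second[ip][ts] += 1  # timestamps have one-second resolution
    total = sum(hits.values())
    report = {}
    for ip in sorted(set(hits) | trapped):
        share = hits[ip] / total if total else 0.0
        peak = max(per_second[ip].values(), default=0)
        reasons = []
        if ip in trapped:
            reasons.append("fetched honeypot URL")
        if share >= share_threshold:
            reasons.append("disproportionate share of requests")
        if peak >= burst_threshold:
            reasons.append("burst within one second")
        report[ip] = {"requests": hits[ip], "share": round(share, 2), "peak": peak, "reasons": reasons}
    return report

def suspects(report, min_reasons=2):
    # Require agreement between signals before treating an IP as automated.
    return [ip for ip, r in report.items() if len(r["reasons"]) >= min_reasons]
```

Residential and gateway addresses can sit in front of several users, so the result is a triage list for closer inspection of user agents and referrers rather than a block list.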
 
Assisted Solution

by:David
David earned 450 total points
ID: 39623155
No virus writer is going to be stupid enough to configure a system to respond to ICMP echo (ping) requests.

Also, you are assuming that all traffic is TCP; you probably also have UDP-type traffic.

Just forget tracing; the IP numbers you see aren't going to be the correct destinations.