Hi,
I wonder if someone can advise.
My website has been working great ever since I first launched it.
I made a script months ago to notify me of errors like 404, 500 and so on, and it works perfectly.
Two days ago someone accessed my website and they kept trying to access the same link constantly. This link is to download a file and is available to members only, and if I or anyone else access it we never get errors; I also never get any errors sent to me via email or in my cPanel error log file. The error log in my cPanel and the error I get via email show the same IP, and it only ever happens to this particular IP. This went on for several hours, so I banned the IP.
I unbanned the IP that night and it stopped, but today the same IP, apart from the last three digits being different, must be doing something, as I am having the errors again.
I am getting dozens of emails every few minutes.
Another thing: I did a search on my members and noticed two accounts, one registered today; both have the same IP apart from the last 3 digits. The first account I suspended two days ago until they contact me, but the same IP apart from the last 3 digits was logged when someone was registering today. Suspiciously, they have the same first name, and the username is similar to the last account I suspended.
So I am guessing if someone can tell me what you think this person might be trying to do, maybe hack my site or something, although I don't think they are. But the error only happens to this particular IP.
What is confusing me is that I only get this error from the two IP addresses below.
My error log shows as:
mydomain.co.uk [Wed Mar 24 12:23:39 2010] [error] [client 117.98.175.138] Premature end of script headers: download.php, referer: http://www.mydomain.co.uk/download/extension.php
The error I get from the script I made months ago shows:
There was a 500 Not Found error on the www.genieuk.co.cc domain
Details
----------------------------------------------------------------------
When: Wed Mar 24 2010 12:17:59 pm UTC
(Who) IP Address: 117.98.175.138
(What) Tried to Access: http://www.mydomain.co.uk/download/downloads/download.php?filename=iextension.zip
(From where) HTTP Referer: http://www.mydomain.co.uk/download/extension.php
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
I did some research and both IPs come up on the blacklist.
117.98.175.138
ISP: Bharti Broadband
Organization: BCL West
Country: India
State/Region: Maharashtra
City: Mumbai
Latitude: 18.975
Longitude: 72.8258
117.98.76.147
ISP: Bharti Broadband
Organization: BCL West
Country: India
State/Region: Maharashtra
City: Mumbai
Latitude: 18.975
Longitude: 72.8258
Both IPs are said to be coming from India, Mumbai.
Any suggestions, anyone? I am completely baffled.
Thanks
GUK
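
One way to check from the error log whether the failures really are confined to one client or network, as an added example that is not part of the original post: it parses the log line layout quoted above and counts "Premature end of script headers" errors per client, per /16 (the two addresses listed in the post share only their first two octets) and per script. The log lines, the favicon path and the 192.0.2.10 client are constructed sample data.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the error-log layout quoted in the post; the first three
# lines reuse the post's addresses, 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
mydomain.co.uk [Wed Mar 24 12:17:59 2010] [error] [client 117.98.175.138] Premature end of script headers: download.php, referer: http://www.mydomain.co.uk/download/extension.php
mydomain.co.uk [Wed Mar 24 12:23:39 2010] [error] [client 117.98.175.138] Premature end of script headers: download.php, referer: http://www.mydomain.co.uk/download/extension.php
mydomain.co.uk [Wed Mar 24 12:40:02 2010] [error] [client 117.98.76.147] Premature end of script headers: download.php, referer: http://www.mydomain.co.uk/download/extension.php
mydomain.co.uk [Wed Mar 24 13:05:11 2010] [error] [client 192.0.2.10] File does not exist: /home/user/public_html/favicon.ico
"""

LINE_RE = re.compile(
    r"^(?P<vhost>\S+) \[(?P<when>[^\]]+)\] \[(?P<level>\w+)\] "
    r"\[client (?P<client>[0-9.]+)\] (?P<message>.*?)(?:, referer: (?P<referer>\S+))?$"
)

def parse_line(line):
    """Return the fields of one error-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["when"], "%a %b %d %H:%M:%S %Y")
    return rec

def summarize(log_text, needle="Premature end of script headers", prefix_len=16):
    """Count matching errors per client, per network and per failing script."""
    per_client, per_net, per_script = Counter(), Counter(), Counter()
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if needle not in rec["message"]:
            continue  # unrelated error (e.g. a plain missing file)
        net = ipaddress.ip_network(f"{rec['client']}/{prefix_len}", strict=False)
        per_client[rec["client"]] += 1
        per_net[str(net)] += 1
        # Text after "headers: " is the script that exited before sending headers.
        per_script[rec["message"].split(": ", 1)[-1]] += 1
    return per_client, per_net, per_script

if __name__ == "__main__":
    clients, nets, scripts = summarize(SAMPLE_LOG)
    for label, counter in (("client", clients), ("network", nets), ("script", scripts)):
        for key, n in counter.most_common():
            print(f"{label:8} {key:20} {n}")
```

If every hit lands on one script and one network while other members download without errors, the next thing to compare is what differs about those requests (account state, parameters, client) rather than the address alone.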