Possible DDoS attack?

I get hundreds of lines of a single request in my access logs as of July 4th. This number appeared thousands of times during the hours of this date:

86.128.198.216 - - [22/Jul/2011:00:44:16 +0100] "GET /404.htm HTTP/1.1" 302 414 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C)"

There are others - before the above lines there were hundreds of instances of this:

92.23.237.48 - - [21/Jul/2011:23:36:24 +0100] "GET /404.htm HTTP/1.1" 302 414 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.6; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; eSobiSubscriber 2.0.4.16; .NET4.0C; InfoPath.1; BRI/2)"

And many other similar IP addresses requesting 404.htm hundreds / thousands of times. Consequently, we have exceeded our bandwidth of 100 GB and our site is currently unavailable.

The site is tiny (approximately 2-3,000 visits per month), and I just can’t understand what’s going on. Any help / advice would be appreciated, since I usually don’t deal with the administrative side of the Internet, since until a few months ago we had a guy who worked exclusively on this.

Waiting for my host company to understand this is painful.

Thanks,

Rich

+4
1 answer

I am not an expert, but here are my findings:

One common attack method involves saturating the target machine with external communications messages, so that it cannot respond to end the traffic or responds so slowly as to be rendered effectively inaccessible. In general terms, DoS attacks are implemented either by forcing the target computer to reset, or by consuming its resources so that it can no longer provide its intended service, or by interfering with the means of communication between the intended users and the victims so that they can no longer communicate adequately.

Your situation seems to fit the description. Here are the useful links:

0
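
A first triage step for access logs like the ones quoted in the question is to total requests and bytes per client address and path, so the repeated `/404.htm` requests can be measured rather than eyeballed. The script below is an added example, not part of the original thread; the sample lines are constructed (documentation-range addresses) and the `min_hits` threshold is an assumption.

```python
import re
from collections import Counter, defaultdict

# "combined" access-log format, as in the lines quoted in the question
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)

def summarize(lines, min_hits=3):
    """Return (flagged, skipped). flagged lists
    (ip, path, hits, bytes_sent, statuses) for every (ip, path) pair
    seen at least min_hits times, busiest first; skipped counts
    lines that did not parse."""
    hits, sent = Counter(), Counter()
    statuses = defaultdict(set)
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # truncated or non-combined-format line
            continue
        key = (m["ip"], m["path"])
        hits[key] += 1
        sent[key] += 0 if m["size"] == "-" else int(m["size"])
        statuses[key].add(int(m["status"]))
    flagged = [
        (ip, path, n, sent[(ip, path)], sorted(statuses[(ip, path)]))
        for (ip, path), n in hits.most_common() if n >= min_hits
    ]
    return flagged, skipped

# Constructed sample: one client repeating GET /404.htm, one normal hit,
# and one damaged line.
SAMPLE = (
    ['203.0.113.10 - - [21/Jul/2011:23:36:%02d +0100] "GET /404.htm HTTP/1.1" '
     '302 414 "-" "Mozilla/4.0 (compatible; MSIE 8.0)"' % s for s in range(5)]
    + ['198.51.100.7 - - [21/Jul/2011:23:40:01 +0100] "GET /index.htm HTTP/1.1" '
       '200 5120 "-" "Mozilla/5.0"']
    + ['truncated line']
)

if __name__ == "__main__":
    flagged, skipped = summarize(SAMPLE)
    for ip, path, n, nbytes, codes in flagged:
        print(f"{ip} {path} hits={n} bytes={nbytes} status={codes}")
    print(f"unparsed lines: {skipped}")
```

Run against the real log, the per-address byte totals can be set against the bandwidth figure the host reports.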