
iis security : Website getting raped for all of its pages..



Bindair Dundat
9/7/2003 6:55:23 PM
Actually I found a section of my logs that describes what I am
concerned about... View at the end of this email... you can see that they
come from the same class B, however they are from different computers,
different programs, and different operating systems even. (even though
I imagine that that info can be spoofed)

But what it is doing is just raping my system for everything HTML, and
probably would rape my system of everything if I had directory browsing
allowed. Hell I even tossed in a subsequent attempt to use my system as
an open relay for spam bastards. A lot of the hits are for web pages
that were never on my system but a lot of them are or were at one point.
Whoever is doing this is also trying to get creative in grabbing web pages
that are not even indexed in any page on my website, but managed to find
and download anyway... NSLookup can't find anything, whois can't find
anything... hell they are even trying to reference directories that I
have aliased but are trying to grab by the actual directory names.

Have you folks seen anything like this, is it a common occurrence? What
are the perps after?... It does seem like a very co-ordinated attack.

Ideas folks?

Excerpt Below:

2003-08-17 17:48:32 65.102.23.169 GET /Default.htm - 200 0 11375 278 4517 HTTP/1.0 www.mccc.dynu.com Mozilla/5.0+(compatible;+Konqueror/2.1.2;+X11) - -
2003-08-17 17:48:46 65.102.23.161 GET /Emmamovies.htm - 200 0 13036 293 7001 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:48:58 65.102.23.169 GET /GuestBook.htm - 200 0 13135 291 3895 HTTP/1.0 www.mccc.dynu.com Mozilla/5.0+(compatible;+Konqueror/2.1.2;+X11) - -
2003-08-17 17:49:41 65.102.23.153 GET /photopage1.htm - 200 0 12060 296 32236 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - -
2003-08-17 17:49:51 65.102.23.169 GET /KittyPage.htm - 200 0 7684 291 1792 HTTP/1.0 www.mccc.dynu.com Mozilla/5.0+(compatible;+Konqueror/2.1.2;+X11) - -
2003-08-17 17:50:06 65.102.12.225 GET /blog.htm - 200 0 28493 286 5398 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:50:20 65.102.23.161 GET /Rocketry.htm - 200 0 12486 291 2183 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:50:34 65.102.12.225 GET /Links.htm - 200 0 27201 287 5287 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:50:44 65.102.23.169 GET /EmmaPix2003.htm - 200 0 13464 293 1963 HTTP/1.0 www.mccc.dynu.com Mozilla/5.0+(compatible;+Konqueror/2.1.2;+X11) - -
2003-08-17 17:50:56 65.102.23.161 GET /RocLake6.htm - 200 0 18756 291 4877 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:51:04 65.102.23.169 GET /reports/ - 302 0 327 285 0 HTTP/1.0 www.mccc.dynu.com Mozilla/5.0+(compatible;+Konqueror/2.1.2;+X11) - -
2003-08-17 17:52:04 65.102.23.153 GET /reports/Default.htm - 200 0 35240 290 49551 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - -
2003-08-17 17:52:18 65.102.23.169 GET /WWMovie.htm - 200 0 8486 289 5618 HTTP/1.0 www.mccc.dynu.com Mozilla/5.0+(compatible;+Konqueror/2.1.2;+X11) - -
2003-08-17 17:52:31 65.102.23.161 GET /JackassPages.htm - 200 0 7918 295 5118 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:52:41 65.102.12.225 GET /Emmamovies2002.htm - 200 0 9174 296 1452 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:52:53 65.102.23.161 GET /guestlog.htm - 200 0 7734 291 3515 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:53:09 65.102.23.153 GET /EmmaPix2002.htm - 200 0 19612 297 8092 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - -
2003-08-17 17:53:27 65.102.23.169 GET /BaptismDay.htm - 200 0 7188 292 5357 HTTP/1.0 www.mccc.dynu.com Mozilla/5.0+(compatible;+Konqueror/2.1.2;+X11) - -
2003-08-17 17:53:36 65.102.23.161 GET /Christmas2002.htm - 200 0 7243 296 1112 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:53:45 65.102.12.225 GET /StPatty - 404 2 4184 285 0 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:53:54 65.102.23.161 GET /_derived/StPatty - 404 2 4184 295 30 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:54:08 65.102.12.225 GET /Michellelakes.htm - 200 0 27373 295 2403 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:54:18 65.102.12.225 GET /HPproject.htm - 200 0 25516 291 1082 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:54:29 65.102.23.161 GET /Rocketexplain.htm - 200 0 9199 296 2854 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:54:43 65.102.23.161 GET /fire_and_ice.htm - 200 64 12777 295 5368 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:54:54 65.102.23.161 GET /ERC2003.htm - 200 0 15974 290 3966 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:55:02 65.102.12.225 GET /ERCRockets1.htm - 200 0 7169 293 711 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:55:15 65.102.23.161 GET /MyRockets1.htm - 200 0 9530 293 6379 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:55:27 65.102.12.225 GET /Rocketlinks.htm - 200 0 17428 293 3274 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:55:36 65.102.12.225 GET /erc2003.htm - 200 0 15974 289 1151 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:56:38 65.102.23.153 GET /reports/Pages.htm - 200 0 44143 299 51915 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - -
2003-08-17 17:57:27 65.102.23.161 GET /reports/PagesHistory.htm - 200 0 44428 303 36543 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:57:47 65.102.23.161 GET /reports/Pages(LeastVisited).htm - 200 0 44282 310 10405 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:58:55 65.102.23.153 GET /reports/EntryPages.htm - 200 0 23401 304 56591 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - -
2003-08-17 17:59:05 65.102.12.225 GET /reports/EntryPagesHistory.htm - 200 0 24022 307 1782 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:59:14 65.102.12.225 GET /reports/ExitPages.htm - 200 0 23427 299 1382 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
Bernard
9/8/2003 3:18:29 PM
I did a search and got this
http://www.dnsstuff.com/tools/whois.ch?ip=65.102.23.169

See if they will respond to your mail.
Well, basically, it could be some system archiving your site,
or like the Google robot, to cache your site. Nothing much you can do,
except report to them... or block their access.

Does it happen all the time for more than a month?
It could be attacks as well, trying to create load on your server.

I would say mail the ISP and seek their help.

--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
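
Added example, not part of the original thread: one way to confirm from the log itself that the hits are a single crawl spread over several hosts is to group requests by source /16 (the old "class B") and count distinct client IPs and user agents per network. The column positions are inferred from the excerpt above, and the function names and thresholds are hypothetical choices for illustration.

```python
import ipaddress
from collections import defaultdict

# Column positions inferred from the excerpt (assumption: the page shows no
# #Fields header): 2 = client IP, 6 = HTTP status, 13 = user agent, 16 total.
IP, STATUS, AGENT, NFIELDS = 2, 6, 13, 16

# Six lines from the post's excerpt plus one constructed visitor (192.0.2.10).
SAMPLE_LOG = """\
2003-08-17 17:48:32 65.102.23.169 GET /Default.htm - 200 0 11375 278 4517 HTTP/1.0 www.mccc.dynu.com Mozilla/5.0+(compatible;+Konqueror/2.1.2;+X11) - -
2003-08-17 17:48:46 65.102.23.161 GET /Emmamovies.htm - 200 0 13036 293 7001 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:49:41 65.102.23.153 GET /photopage1.htm - 200 0 12060 296 32236 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - -
2003-08-17 17:50:06 65.102.12.225 GET /blog.htm - 200 0 28493 286 5398 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:53:45 65.102.12.225 GET /StPatty - 404 2 4184 285 0 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+4.0;+Windows+95) - -
2003-08-17 17:53:54 65.102.23.161 GET /_derived/StPatty - 404 2 4184 295 30 HTTP/1.0 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+5.0;+Mac_PowerPC) - -
2003-08-17 17:49:00 192.0.2.10 GET /Default.htm - 200 0 11375 300 120 HTTP/1.1 www.mccc.dynu.com Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - -
"""

def parse_line(line):
    """Return (ip, status, agent), or None for '#' directives and malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != NFIELDS:
        return None
    return parts[IP], int(parts[STATUS]), parts[AGENT]

def summarize(log_text, prefix_len=16):
    """Aggregate hits per source network; a /16 matches the old 'class B' size."""
    nets = defaultdict(lambda: {"ips": set(), "agents": set(), "hits": 0, "not_found": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, status, agent = rec
        net = str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
        entry = nets[net]
        entry["ips"].add(ip)
        entry["agents"].add(agent)
        entry["hits"] += 1
        entry["not_found"] += int(status == 404)  # probes for pages that do not exist
    return dict(nets)

def flag_coordinated(summary, min_ips=3, min_agents=3):
    """Networks where several hosts with differing user agents hit the site together."""
    return sorted(net for net, e in summary.items()
                  if len(e["ips"]) >= min_ips and len(e["agents"]) >= min_agents)

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print({n: (len(s[n]["ips"]), s[n]["hits"], s[n]["not_found"]) for n in flag_coordinated(s)})
```

A flagged network is a candidate for the two responses suggested in the reply: an abuse report to the owning ISP, or an IP address restriction on the site.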

