MirrorMirror

Reputation: 188

weird POST request in IIS logs

I know that Stack Overflow is not the correct place to post this question, but I already posted this at Server Fault and the place seems generally dead.

--

I noticed weird log entries (unless there's something I don't understand) in my IIS (7.5) logs.

It's an online dictionary with requests (user-friendly URL rewriting) and most of them are GET. However, I noticed weird POST requests which are being made by a person who is trying to crawl our content (tens of thousands of such requests).

2013-11-09 20:39:27 GET /dict/mylang/word1 - y.y.y.y Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - 200 296
2013-11-09 20:39:29 GET /dict/mylang/word2 - z.z.z.z Mozilla/5.0+(iPhone;+CPU+iPhone+OS+6_0+like+Mac+OS+X)+AppleWebKit/536.26+(KHTML,+like+Gecko)+Version/6.0+Mobile/10A5376e+Safari/8536.25+(compatible;+Googlebot-Mobile/2.1;++http://www.google.com/bot.html) - 200 468

2013-11-09 20:39:29 POST /dict/mylang/word3 - x.x.x.x - - 200 2593

The first two requests are legal. Now for the third request, I don't think I have allowed cross-domain POST, if that is what the third log line means.

All those POST requests take that much time for reasons unknown to me. I would like to know how those POST requests are possible and how I can stop them.

P.S. I have masked the IPs on purpose.

Any help would be appreciated! Thank you in advance.

Blocking POST generally is not an option; I use AJAX extensively. I want to know how he does this kind of POST request and how to stop him. I've got tens of thousands of requests; I constantly ban IP ranges through the firewall, but he just hops through proxies.

This is how a normal POST request (through AJAX) happens:

2013-11-10 10:16:54 POST /dict/mylang/displaySem.php - 85.73.156.122 Mozilla/5.0+(Windows+NT+6.1;+rv:25.0)+Gecko/20100101+Firefox/25.0 http://www.mydomain.com/dict/mylang/randomword 200 171

Upvotes: 0

Views: 1315

Answers (1)

user2970362

Reputation: 384

HTTP allows anyone to POST a request to your site. Your application (not IIS) should check if it is a valid request before starting the long processing algorithm.

Some common validation methods are:

Upvotes: 1
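An added example, not part of the original answer or the asker's site: a log triage script that separates the unusual POSTs in the question (no user agent, no referer, sent to a rewritten word URL) from the site's normal AJAX POSTs. The field order, the `SITE_PREFIX` and `AJAX_SUFFIX` values, and the sample lines with documentation-range IPs are assumptions built from the entries quoted in the question.

```python
from collections import Counter

# Field order inferred from the question's log lines (assumption: confirm
# against the "#Fields:" header of the real log file).
FIELDS = ("date", "time", "method", "uri_stem", "uri_query", "c_ip",
          "user_agent", "referer", "status", "time_taken")
SITE_PREFIX = "http://www.mydomain.com/"  # assumption: the site's own origin
AJAX_SUFFIX = ".php"  # assumption: legitimate POSTs only target scripts

def parse_line(line):
    """Split one log entry into named fields; None for comments or odd lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def post_anomalies(entry):
    """List the ways a POST differs from the site's own AJAX traffic."""
    if entry["method"] != "POST":
        return []
    reasons = []
    if entry["user_agent"] == "-":
        reasons.append("no user agent")
    if not entry["referer"].startswith(SITE_PREFIX):
        reasons.append("referer not from this site")
    if not entry["uri_stem"].lower().endswith(AJAX_SUFFIX):
        reasons.append("POST to a page URL, not an AJAX endpoint")
    return reasons

def summarize(lines):
    """Count anomalous POSTs per client IP and keep the flagged entries."""
    per_ip, flagged = Counter(), []
    for entry in filter(None, map(parse_line, lines)):
        reasons = post_anomalies(entry)
        if reasons:
            per_ip[entry["c_ip"]] += 1
            flagged.append((entry["c_ip"], entry["uri_stem"], reasons))
    return per_ip, flagged

# Constructed sample input modelled on the entries in the question.
SAMPLE = [
    "#Constructed sample, not real traffic",
    "2013-11-09 20:39:27 GET /dict/mylang/word1 - 198.51.100.7 Mozilla/5.0+(compatible;+Googlebot/2.1) - 200 296",
    "2013-11-09 20:39:29 POST /dict/mylang/word3 - 192.0.2.10 - - 200 2593",
    "2013-11-09 20:39:31 POST /dict/mylang/word4 - 192.0.2.10 - - 200 2410",
    "2013-11-10 10:16:54 POST /dict/mylang/displaySem.php - 203.0.113.5 Mozilla/5.0+(Windows+NT+6.1;+rv:25.0)+Gecko/20100101+Firefox/25.0 http://www.mydomain.com/dict/mylang/randomword 200 171",
]

if __name__ == "__main__":
    for ip, uri, reasons in summarize(SAMPLE)[1]:
        print(ip, uri, "; ".join(reasons))
```

The same three conditions can be enforced in the application before any expensive work starts, for example by answering POSTs to word URLs with a 405.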
