46.161.41.199 St Petersburg 91.207.6.18 Kysehv Ukraine 213.231.43.77 Odessa Ukraine
They're just a few that visit my site a couple hundred times a month. They don't communicate so I figure they're just there to get a pulse.
Chinese used to visit a lot as did Turkey but I think their crawlers were responding to the mention of them in news stories.
None of the foreign visits are near as many as I get from Chicago, though. But to be honest half of the Chicago visits appear to be commercial. I do get a lot of abuse watchers judging by the information gleaned from tracing the IP's.
You can enter IP addresses into your favorite search engine for the information.
Do a whois on the ip address for more info.
A lot of bots are for search engines, both American and from other countries. They’re simply crawling your site(s), downloading pages to add them to their search db. It’s a little scary when you see a Chinese IP crawling your whole site, then you realize it’s just Baidu.
You can also take look at the URLs that are being submitted to your site. You’ll see a lot of foreign IPs are submitting URLs to your webserver that are attempting to exploit known vulnerabilities, such as logging in to various development tools with default admin account/password. Then for more fun, do a whois on the IP this originated from and you’ll get, for example, a Chinese telco as the registrant of the IP. Chinese state hacking efforts come out of such sources. Russian and Eastern European efforts frequently come out of what appear to be data center/hosting businesses. You begin to realize that there is no one to “complain” to. A datacenter or telco will just say it may be one of their customers but they can’t do anything about it. Normally I doubt they’d get back to you. I only ever found a small amount of such attempts to come from American or other “five eyes” IPs. Of course, the five eyes countries certainly have the capability to be physically present in other countries through fronts (like all intel services do) or of course fake the source IP of their attempts if they’re serious.
Of course, words to the wise: do not install any software you don’t need to, be very sure when you apply an update that you are not introducing a vulnerability to your own server, use full strength passwords, if you only need a service to listen on the local IP then do that, etc., etc., etc. I found with my server that an exception was IP6; in order to secure things, even though I was not using it, it had to be installed and configured. There was just no way to have it completely disappear.