My website is suffering from an apparent bot which GETs a particular URL 5 times within a second, waits exactly 2 minutes, then repeats. The request is coming from the same IP address each time, and I have not observed any malicious payload, so I'm undecided on whether it is some form of spam bot. The User-Agent claims to be IE6, which is always suspicious in such an obviously non-human request pattern.
Anyway, I have done a reverse lookup on the IP and have located a contact at that domain, but am I wasting my time trying to get in touch with them? If it's a spam bot, won't the IP address be spoofed? How common is IP address spoofing in HTTP spammers? Does the HTTP protocol make it difficult in any way?
If you spoof the IP, you won't get any response to your http request. Other than that, the http protocol doesn't make spoofing any easier or harder.
However, the IP address will be that of the last proxy server or load balancer between the source and your server, so if it is malicious, I would expect they're going through some open proxy and you won't easily be able to trace them back.
If it's just accidental misconfiguration, you're in with more of a chance.
Does the URL they are returning exist on your site?
Can you configure your web server to return an error (401 Forbidden , 500 Internal server error, 301 permanent redirect, perhaps) only to GETs from that address? If the other end starts getting errors maybe they'll investigate and fix things)