homepage Welcome to WebmasterWorld Guest from 54.234.128.25
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
Forum Library, Charter, Moderators: Receptional & mademetop

Website Analytics - Tracking and Logging Forum

    
Russian Business Network -Super-stealth bots with "success" homepages?
JAB Creations




msg:4235573
 7:55 am on Nov 27, 2010 (gmt 0)

I've been going over my site's reject logs and I've noticed some really strange activity that very closely seems to mimic bots. There are some IP addresses which if you look up and visit have blank homepages that simply say, "success". In my Apache access logs they look exactly like legit browsers with a two exceptions only one of which I'll mention. The URL's they are requesting are in the typical order that bots would fetch (although from different IP addresses) so clearly it's some sort of scrapper though if it was truly a human using a browser would they have bookmarked the Brazilian Portuguese page and visit several weeks later and then with a different IP address which if you visit has the same blank "success" website that makes the same request to a different URL?

Upon further investigation apparently it's part of the "Russian Business Network". Does any one have a list of IP addresses that I can blacklist or suggestions on countering this scrapper? I've already begun manually blocking the IP addresses though I would like to take more preemptive action if possible.

- John

 

lindy




msg:4238513
 10:16 pm on Dec 3, 2010 (gmt 0)

I have no "list" but blocked a bot from IP 211.104.150.236 (Asia), and one from 77.88.29.247 (Netherlands?) ...I think they're up to no good.

My content (images/text snippets) is being used on BAD sites for BAD reasons. (And right next to my stuff are things from my up&up competitors who have clearly been targeted too.)

I'm now erring on the side of caution, and doing everything I can to stay alert.

Good luck!
--lindy

AlexK




msg:4238564
 1:35 am on Dec 4, 2010 (gmt 0)

The following are all closely connected:
# 2009-11-02 extended DROP rule to entire 95.168.160.0 netblock after more scrapes
# 2009-09-23 added DROP rule to block internetserviceteam.com IP 95.168.178.87
# reason: high-speed scrape
# 2009-09-18 added DROP rule to block internetserviceteam.com IP 188.72.217.11
# reason: high-speed scrape
# 2009-03-20 extended DROP rule to entire 212.95.32.0 netblock after more scrapes
# 2009-02-26 added DROP rule to block internetserviceteam.com IP 212.95.54.179
# reason: continuous high-speed scrapes
# 2009-01-30 extended DROP rule to entire 78.159.96.0 netblock after more scrapes
# 2008-12-01 added DROP rule to block internetserviceteam.com IP 78.159.112.96:
# reason: continuous high-speed scrapes
# 2008-01-12 added DROP rule to block Netdirekt (internetserviceteam.com):
# reason: continuous attempted spam posts into Forums from their network
$IPT -A tcp_inbound -p TCP -s 78.159.96.0/19 -j DROP
$IPT -A tcp_inbound -p TCP -s 84.16.224.0/19 -j DROP
$IPT -A tcp_inbound -p TCP -s 89.149.192.0/18 -j DROP
$IPT -A tcp_inbound -p TCP -s 95.168.160.0/19 -j DROP
$IPT -A tcp_inbound -p TCP -s 188.72.217.11/32 -j DROP
$IPT -A tcp_inbound -p TCP -s 212.95.32.0/19 -j DROP

# 2007-10-25 added DROP rule to block Russian Business Network:
# reason: continuous attempted spam posts into Forums
$IPT -A tcp_inbound -p TCP -s 81.95.144.0/20 -j DROP
$IPT -A tcp_inbound -p TCP -s 81.95.156.0/22 -j DROP

SteveWh




msg:4238604
 4:42 am on Dec 4, 2010 (gmt 0)

The RBN is a large network that often uses "fast-flux" IP switching that changes IP addresses every few minutes. They can send malicious requests to your server from more IP addresses than you can possibly identify and ban.

If you can find common features of the malicious requests, you will be much better off banning by those characteristics in .htaccess than attempting to ban IP addresses.

Artstart




msg:4239644
 11:48 am on Dec 7, 2010 (gmt 0)

what is the purpose of this network, why are the collecting info?

SteveWh




msg:4239887
 11:32 pm on Dec 7, 2010 (gmt 0)

Difficult to improve on this description:
[en.wikipedia.org...]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved