homepage Welcome to WebmasterWorld Guest from 54.145.209.80
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
Forum Library, Charter, Moderators: Receptional & mademetop

Website Analytics - Tracking and Logging Forum

    
Russian Business Network -Super-stealth bots with "success" homepages?
JAB Creations

WebmasterWorld Senior Member jab_creations us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4235571 posted 7:55 am on Nov 27, 2010 (gmt 0)

I've been going over my site's reject logs and I've noticed some really strange activity that very closely seems to mimic bots. There are some IP addresses which if you look up and visit have blank homepages that simply say, "success". In my Apache access logs they look exactly like legit browsers with a two exceptions only one of which I'll mention. The URL's they are requesting are in the typical order that bots would fetch (although from different IP addresses) so clearly it's some sort of scrapper though if it was truly a human using a browser would they have bookmarked the Brazilian Portuguese page and visit several weeks later and then with a different IP address which if you visit has the same blank "success" website that makes the same request to a different URL?

Upon further investigation apparently it's part of the "Russian Business Network". Does any one have a list of IP addresses that I can blacklist or suggestions on countering this scrapper? I've already begun manually blocking the IP addresses though I would like to take more preemptive action if possible.

- John

 

lindy

5+ Year Member



 
Msg#: 4235571 posted 10:16 pm on Dec 3, 2010 (gmt 0)

I have no "list" but blocked a bot from IP 211.104.150.236 (Asia), and one from 77.88.29.247 (Netherlands?) ...I think they're up to no good.

My content (images/text snippets) is being used on BAD sites for BAD reasons. (And right next to my stuff are things from my up&up competitors who have clearly been targeted too.)

I'm now erring on the side of caution, and doing everything I can to stay alert.

Good luck!
--lindy

AlexK

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4235571 posted 1:35 am on Dec 4, 2010 (gmt 0)

The following are all closely connected:
# 2009-11-02 extended DROP rule to entire 95.168.160.0 netblock after more scrapes
# 2009-09-23 added DROP rule to block internetserviceteam.com IP 95.168.178.87
# reason: high-speed scrape
# 2009-09-18 added DROP rule to block internetserviceteam.com IP 188.72.217.11
# reason: high-speed scrape
# 2009-03-20 extended DROP rule to entire 212.95.32.0 netblock after more scrapes
# 2009-02-26 added DROP rule to block internetserviceteam.com IP 212.95.54.179
# reason: continuous high-speed scrapes
# 2009-01-30 extended DROP rule to entire 78.159.96.0 netblock after more scrapes
# 2008-12-01 added DROP rule to block internetserviceteam.com IP 78.159.112.96:
# reason: continuous high-speed scrapes
# 2008-01-12 added DROP rule to block Netdirekt (internetserviceteam.com):
# reason: continuous attempted spam posts into Forums from their network
$IPT -A tcp_inbound -p TCP -s 78.159.96.0/19 -j DROP
$IPT -A tcp_inbound -p TCP -s 84.16.224.0/19 -j DROP
$IPT -A tcp_inbound -p TCP -s 89.149.192.0/18 -j DROP
$IPT -A tcp_inbound -p TCP -s 95.168.160.0/19 -j DROP
$IPT -A tcp_inbound -p TCP -s 188.72.217.11/32 -j DROP
$IPT -A tcp_inbound -p TCP -s 212.95.32.0/19 -j DROP

# 2007-10-25 added DROP rule to block Russian Business Network:
# reason: continuous attempted spam posts into Forums
$IPT -A tcp_inbound -p TCP -s 81.95.144.0/20 -j DROP
$IPT -A tcp_inbound -p TCP -s 81.95.156.0/22 -j DROP

SteveWh

5+ Year Member



 
Msg#: 4235571 posted 4:42 am on Dec 4, 2010 (gmt 0)

The RBN is a large network that often uses "fast-flux" IP switching that changes IP addresses every few minutes. They can send malicious requests to your server from more IP addresses than you can possibly identify and ban.

If you can find common features of the malicious requests, you will be much better off banning by those characteristics in .htaccess than attempting to ban IP addresses.

Artstart

10+ Year Member



 
Msg#: 4235571 posted 11:48 am on Dec 7, 2010 (gmt 0)

what is the purpose of this network, why are the collecting info?

SteveWh

5+ Year Member



 
Msg#: 4235571 posted 11:32 pm on Dec 7, 2010 (gmt 0)

Difficult to improve on this description:
[en.wikipedia.org...]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved