homepage Welcome to WebmasterWorld Guest from 54.204.231.253
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
AOL changing IPs
Velocity and other traps
phred




msg:3667145
 9:51 pm on Jun 4, 2008 (gmt 0)

Iíve known for a while that in the case of changing AOL IPs my velocity triggered events could be better implemented. I still trap some situations but things could be much better. Some time ago I also implemented an embedded IP trap in the web site logic of some functions. Today I realized that the multiple per session, ever changing, AOL IP ďfeatureĒ breaks that logic. Bugger. I need to address the AOL changing IP situation.

Looking back over the logs it appears that:

. gethostbyaddr - not all AOL IPs yield a host name; those that do resolve end in proxy.aol.com.
. UA always seem to contain AOL
. The first three IP octets appear to be constant.

To address the the AOL problem Iím currently thinking about changing to a technique where I identify AOL visitors based on UA (and maybe host name), use only the first three octets of AOL visitors IPs and possibly appended with a hash of some sort per session. That would restore velocity traps to full function and I could re-implement the IP logic trap.

Any suggestions? Help would be much appreciated.

Cheers,
Phred

 

incrediBILL




msg:3667999
 10:23 pm on Jun 5, 2008 (gmt 0)

When dealing with shared IP pools such as AOL and others you need to put special time limits on the quarantine period, such as an hour instead of 24 hours.

Amazingly, many bad bots accept cookies because some sites won't work unless you accept cookies, so I feed them a session cookie and it tracks them across multiple IP addresses on AOL so once I flag the session as bad, you can run, hop IPs, whatever, but until you toss that cookie, you're still blocked ;)

Hope that helps.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved