| 9:04 pm on Dec 19, 2011 (gmt 0)|
I see them come by several times a day as well and always with the same two IP numbers you mention
I have WowR also blocked and drawn up the bridge for DnDc org
NetRange: 220.127.116.11 - 18.104.22.168
NetRange: 22.214.171.124 - 126.96.36.199
| 9:31 pm on Dec 19, 2011 (gmt 0)|
I see ezooms hit a lot. Yesterday it requested robots.txt 17 times; never went any further. If it had, it would be blocked because I block:
188.8.131.52 - 184.108.40.206
It is not mentioned in robots.txt, so why it hit 17 times is very odd.
| 10:13 pm on Dec 19, 2011 (gmt 0)|
More hits since OP. I'm tempted to 403 its access to robots.txt to see what it's after (if anything).
| 12:23 am on Dec 20, 2011 (gmt 0)|
Huh. This must be the first time I've blocked someone before you did ;) Well, I blocked DotBot by IP, so ezooms kinda came along for the ride. Besides, what kind of robot gives no information except a gmail address?
| 1:29 am on Dec 20, 2011 (gmt 0)|
Oh, it's been blocked from the get-go, for, among other things, that bright, shining @ in the UA:)
But many times when you block access to robots.txt as well, bots basically spill their URI guts -- all requests for which are still 403'd. Makes for interesting reading.
| 1:45 am on Dec 20, 2011 (gmt 0)|
My policy has always been that *all* bots have access to robots.txt, whether they're trouble makers or not. That's what the file is for - them, all of them.
I do block total access to many UAs that are irrelevant to robots.txt such as downloading tools, browser extensions/plug-ins, reformatting agents, etc.
| 2:20 am on Dec 20, 2011 (gmt 0)|
|My policy has always been that *all* bots have access to robots.txt, whether they're trouble makers or not. |
Ditto, of course.
All I'm saying is that one of these days, merely as an exercise, some of you might find denying access interesting, that's all. (For example, I was surprised to find out how many AmazonAWS Twitter swarmers subsequently went for pages other than tweeted URLs.)
Okay. Getting back to Ezooms. Which does read/heed robots.txt (where it's fully Disallowed) on my sites, but visits way, waaay too often. Whoever they are, they must have money/bandwidth/storage to burn.
| 3:32 am on Dec 20, 2011 (gmt 0)|
I am not so lenient as to all bots = robots.txt, I have no intention of filling up this file with countless bots who a) may not read it, b) not heed it and c) from whom I don't want a visit any way. They all get wacked at the door.
Ezooms, for instance, first came countless times fetching robots.txt file but no other files though it would not have found a disallowed for itself since at that time it did not carry an identifiable bot name. Then I found out who was behind it (.net.com.org, who had been blocked in their crawling days since they have nothing to offer) and down the chute went Ezooms as far as I'm concerned.
There's just too much rot crawling the internet to waste too much time sifting through it all.
| 2:34 am on Dec 24, 2011 (gmt 0)|
This is getting silly:
Mozilla/5.0 (compatible; Ezooms/1.0; email@example.com)
That's just this afternoon, now totalling 267 hits this month. The twits.
| 12:03 am on Feb 20, 2012 (gmt 0)|
I have a strong suspicion that this bot is from SEO Moz. Think about it. They are anagrams. SEOmoz ==> Ezooms. And SEO Moz uses Wowrack too, just like Ezooms. Both are based in Seattle.
It's all circumstantial evidence but too strong of a coincidence here.
| 5:43 pm on Feb 23, 2012 (gmt 0)|
Dotbot is probably tied up with Moz in some way, so your assumptions might turn out right.
| 12:18 am on Feb 24, 2012 (gmt 0)|
Is dotbot still doing its stuff? Quick look at raw logs says it hasn't been around since August. Even for a site as small as mine, that's a long gap.
I thought maybe I'd got complementary distribution-- one handing off to the other-- but up through July they were both coming around regularly.
| 5:31 pm on May 27, 2012 (gmt 0)|
DotBot seems to have vanished, but Ezooms is virulent.
| 5:08 pm on Jun 1, 2012 (gmt 0)|
Here is my Mod Security 2.xx rule for Ezooms. Serves a forbidden server response.
SecRule HTTP_User-Agent "Ezooms" "deny,log,status:403"
| 9:21 pm on Jul 4, 2012 (gmt 0)|
I blocked the address block at the firewall. Once I see a misbehaved bot from an IP range, I decide that nothing good can come from that address space:
ufw insert 1 deny from 220.127.116.11/24