homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

Ezooms the New DotBot?
née DotBot?

 7:00 pm on Dec 19, 2011 (gmt 0)

The "Ezooms" bot comes along a LOT -- 200 times this month to date -- but it's always behaved so I rarely think to mention it here, even though I have no idea what it's doing, nor for whom.

Today it caught my eye because it's unusually active. Note that it simultaneously hails from wowrack.com IPs and Host names and does so routinely:

208-115-111-68-reverse.wowrack.com [projecthoneypot.org...]
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)
04:47:48 /robots.txt
06:50:08 /robots.txt [projecthoneypot.org...]
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)
03:51:19 /robots.txt
06:51:44 /robots.txt
06:51:44 /robots.txt

(Aside: I block wowrack.com by name and because it's a server farm. My notes show was problematic in the past as well.)

Comments show Ezoom's not always well-behaved elsewhere: [projecthoneypot.org...]

What's the 4-1-1 on this critter anyway? Interestingly, robtex shows the IP, above, to be --

crawl3.dotnetdotcom.org [robtex.com...]

-- and with a not-so-hot DotBot history. [spambotsecurity.com...]

2010: "dotnetdotcom or DotBot" [webmasterworld.com...]
2008: "DotBot" [webmasterworld.com...]

Same, same, just with a new name?



 9:04 pm on Dec 19, 2011 (gmt 0)

I see them come by several times a day as well and always with the same two IP numbers you mention

I have WowR also blocked and drawn up the bridge for DnDc org

NetRange: -
NetName: 208-115-113-80-28-DOTNETDOTCOMDOTORG

NetRange: -
NetName: 208-115-111-64-28-DOTNETDOTCOMDOTORG


 9:31 pm on Dec 19, 2011 (gmt 0)

I see ezooms hit a lot. Yesterday it requested robots.txt 17 times; never went any further. If it had, it would be blocked because I block:

Wowrack -

It is not mentioned in robots.txt, so why it hit 17 times is very odd.


 10:13 pm on Dec 19, 2011 (gmt 0)

More hits since OP. I'm tempted to 403 its access to robots.txt to see what it's after (if anything).


 12:23 am on Dec 20, 2011 (gmt 0)

Huh. This must be the first time I've blocked someone before you did ;) Well, I blocked DotBot by IP, so ezooms kinda came along for the ride. Besides, what kind of robot gives no information except a gmail address?


 1:29 am on Dec 20, 2011 (gmt 0)

Oh, it's been blocked from the get-go, for, among other things, that bright, shining @ in the UA:)

But many times when you block access to robots.txt as well, bots basically spill their URI guts -- all requests for which are still 403'd. Makes for interesting reading.


 1:45 am on Dec 20, 2011 (gmt 0)

My policy has always been that *all* bots have access to robots.txt, whether they're trouble makers or not. That's what the file is for - them, all of them.

I do block total access to many UAs that are irrelevant to robots.txt such as downloading tools, browser extensions/plug-ins, reformatting agents, etc.


 2:20 am on Dec 20, 2011 (gmt 0)

My policy has always been that *all* bots have access to robots.txt, whether they're trouble makers or not.

Ditto, of course.

All I'm saying is that one of these days, merely as an exercise, some of you might find denying access interesting, that's all. (For example, I was surprised to find out how many AmazonAWS Twitter swarmers subsequently went for pages other than tweeted URLs.)

Okay. Getting back to Ezooms. Which does read/heed robots.txt (where it's fully Disallowed) on my sites, but visits way, waaay too often. Whoever they are, they must have money/bandwidth/storage to burn.


 3:32 am on Dec 20, 2011 (gmt 0)

I am not so lenient as to all bots = robots.txt, I have no intention of filling up this file with countless bots who a) may not read it, b) not heed it and c) from whom I don't want a visit any way. They all get wacked at the door.

Ezooms, for instance, first came countless times fetching robots.txt file but no other files though it would not have found a disallowed for itself since at that time it did not carry an identifiable bot name. Then I found out who was behind it (.net.com.org, who had been blocked in their crawling days since they have nothing to offer) and down the chute went Ezooms as far as I'm concerned.

There's just too much rot crawling the internet to waste too much time sifting through it all.


 2:34 am on Dec 24, 2011 (gmt 0)

This is getting silly:
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)

15:05:36 /robots.txt
17:19:12 /robots.txt
17:19:12 /robots.txt
17:47:01 /robots.txt
17:47:01 /robots.txt
18:14:33 /robots.txt
18:14:33 /robots.txt

That's just this afternoon, now totalling 267 hits this month. The twits.


 12:03 am on Feb 20, 2012 (gmt 0)

I have a strong suspicion that this bot is from SEO Moz. Think about it. They are anagrams. SEOmoz ==> Ezooms. And SEO Moz uses Wowrack too, just like Ezooms. Both are based in Seattle.

It's all circumstantial evidence but too strong of a coincidence here.


 5:43 pm on Feb 23, 2012 (gmt 0)

Dotbot is probably tied up with Moz in some way, so your assumptions might turn out right.


 12:18 am on Feb 24, 2012 (gmt 0)

Is dotbot still doing its stuff? Quick look at raw logs says it hasn't been around since August. Even for a site as small as mine, that's a long gap.

I thought maybe I'd got complementary distribution-- one handing off to the other-- but up through July they were both coming around regularly.


 5:31 pm on May 27, 2012 (gmt 0)

DotBot seems to have vanished, but Ezooms is virulent.


 5:08 pm on Jun 1, 2012 (gmt 0)

Here is my Mod Security 2.xx rule for Ezooms. Serves a forbidden server response.

SecRule HTTP_User-Agent "Ezooms" "deny,log,status:403"

 9:21 pm on Jul 4, 2012 (gmt 0)

I blocked the address block at the firewall. Once I see a misbehaved bot from an IP range, I decide that nothing good can come from that address space:

ufw insert 1 deny from
Global Options:
 top home search open messages active posts  

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved