homepage Welcome to WebmasterWorld Guest from 54.166.8.138
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
Ezooms the New DotBot?
née DotBot?
Pfui




msg:4399480
 7:00 pm on Dec 19, 2011 (gmt 0)

The "Ezooms" bot comes along a LOT -- 200 times this month to date -- but it's always behaved so I rarely think to mention it here, even though I have no idea what it's doing, nor for whom.

Today it caught my eye because it's unusually active. Note that it simultaneously hails from wowrack.com IPs and Host names and does so routinely:

208-115-111-68-reverse.wowrack.com [projecthoneypot.org...]
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)
04:47:48 /robots.txt
06:50:08 /robots.txt

208.115.113.84 [projecthoneypot.org...]
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)
03:51:19 /robots.txt
06:51:44 /robots.txt
06:51:44 /robots.txt

(Aside: I block wowrack.com by name and 208.115.111.0/24 because it's a server farm. My notes show 216.176.176.0/20 was problematic in the past as well.)

Comments show Ezoom's not always well-behaved elsewhere: [projecthoneypot.org...]

What's the 4-1-1 on this critter anyway? Interestingly, robtex shows the IP, above, to be --

crawl3.dotnetdotcom.org [robtex.com...]

-- and with a not-so-hot DotBot history. [spambotsecurity.com...]

2010: "dotnetdotcom or DotBot" [webmasterworld.com...]
2008: "DotBot" [webmasterworld.com...]

Same, same, just with a new name?

 

Staffa




msg:4399499
 9:04 pm on Dec 19, 2011 (gmt 0)

I see them come by several times a day as well and always with the same two IP numbers you mention

I have WowR also blocked and drawn up the bridge for DnDc org

NetRange: 208.115.113.80 - 208.115.113.95
CIDR: 208.115.113.80/28
NetName: 208-115-113-80-28-DOTNETDOTCOMDOTORG

NetRange: 208.115.111.64 - 208.115.111.79
CIDR: 208.115.111.64/28
NetName: 208-115-111-64-28-DOTNETDOTCOMDOTORG

keyplyr




msg:4399515
 9:31 pm on Dec 19, 2011 (gmt 0)

I see ezooms hit a lot. Yesterday it requested robots.txt 17 times; never went any further. If it had, it would be blocked because I block:

Wowrack
208.115.96.0 - 208.115.127.255
208.115.96.0/19

It is not mentioned in robots.txt, so why it hit 17 times is very odd.

Pfui




msg:4399529
 10:13 pm on Dec 19, 2011 (gmt 0)

More hits since OP. I'm tempted to 403 its access to robots.txt to see what it's after (if anything).

lucy24




msg:4399555
 12:23 am on Dec 20, 2011 (gmt 0)

Huh. This must be the first time I've blocked someone before you did ;) Well, I blocked DotBot by IP, so ezooms kinda came along for the ride. Besides, what kind of robot gives no information except a gmail address?

Pfui




msg:4399564
 1:29 am on Dec 20, 2011 (gmt 0)

Oh, it's been blocked from the get-go, for, among other things, that bright, shining @ in the UA:)

But many times when you block access to robots.txt as well, bots basically spill their URI guts -- all requests for which are still 403'd. Makes for interesting reading.

keyplyr




msg:4399566
 1:45 am on Dec 20, 2011 (gmt 0)

My policy has always been that *all* bots have access to robots.txt, whether they're trouble makers or not. That's what the file is for - them, all of them.

I do block total access to many UAs that are irrelevant to robots.txt such as downloading tools, browser extensions/plug-ins, reformatting agents, etc.

Pfui




msg:4399580
 2:20 am on Dec 20, 2011 (gmt 0)

My policy has always been that *all* bots have access to robots.txt, whether they're trouble makers or not.

Ditto, of course.

All I'm saying is that one of these days, merely as an exercise, some of you might find denying access interesting, that's all. (For example, I was surprised to find out how many AmazonAWS Twitter swarmers subsequently went for pages other than tweeted URLs.)

Okay. Getting back to Ezooms. Which does read/heed robots.txt (where it's fully Disallowed) on my sites, but visits way, waaay too often. Whoever they are, they must have money/bandwidth/storage to burn.

Staffa




msg:4399591
 3:32 am on Dec 20, 2011 (gmt 0)

I am not so lenient as to all bots = robots.txt, I have no intention of filling up this file with countless bots who a) may not read it, b) not heed it and c) from whom I don't want a visit any way. They all get wacked at the door.

Ezooms, for instance, first came countless times fetching robots.txt file but no other files though it would not have found a disallowed for itself since at that time it did not carry an identifiable bot name. Then I found out who was behind it (.net.com.org, who had been blocked in their crawling days since they have nothing to offer) and down the chute went Ezooms as far as I'm concerned.

There's just too much rot crawling the internet to waste too much time sifting through it all.

Pfui




msg:4401087
 2:34 am on Dec 24, 2011 (gmt 0)

This is getting silly:

208.115.113.84
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)

15:05:36 /robots.txt
17:19:12 /robots.txt
17:19:12 /robots.txt
17:47:01 /robots.txt
17:47:01 /robots.txt
18:14:33 /robots.txt
18:14:33 /robots.txt

That's just this afternoon, now totalling 267 hits this month. The twits.

jazzybee




msg:4419412
 12:03 am on Feb 20, 2012 (gmt 0)

I have a strong suspicion that this bot is from SEO Moz. Think about it. They are anagrams. SEOmoz ==> Ezooms. And SEO Moz uses Wowrack too, just like Ezooms. Both are based in Seattle.

It's all circumstantial evidence but too strong of a coincidence here.

g1smd




msg:4420987
 5:43 pm on Feb 23, 2012 (gmt 0)

Dotbot is probably tied up with Moz in some way, so your assumptions might turn out right.

lucy24




msg:4421146
 12:18 am on Feb 24, 2012 (gmt 0)

Is dotbot still doing its stuff? Quick look at raw logs says it hasn't been around since August. Even for a site as small as mine, that's a long gap.

I thought maybe I'd got complementary distribution-- one handing off to the other-- but up through July they were both coming around regularly.

g1smd




msg:4458422
 5:31 pm on May 27, 2012 (gmt 0)

DotBot seems to have vanished, but Ezooms is virulent.

frontpage




msg:4460445
 5:08 pm on Jun 1, 2012 (gmt 0)

Here is my Mod Security 2.xx rule for Ezooms. Serves a forbidden server response.

SecRule HTTP_User-Agent "Ezooms" "deny,log,status:403"
dogweather




msg:4472607
 9:21 pm on Jul 4, 2012 (gmt 0)

I blocked the address block at the firewall. Once I see a misbehaved bot from an IP range, I decide that nothing good can come from that address space:

ufw insert 1 deny from 208.115.113.0/24
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved