Search Engine Spider and User Agent Identification Forum

    
WebAir proxies
WebAir using compromised machines as proxies
dstiles




msg:4412830
 8:28 pm on Jan 31, 2012 (gmt 0)

I'm seeing quite a few hits for the past two or three weeks from (usually) "broadband" IPs that have been compromised and are being driven with FWD_FOR from WebAir ranges - probably only a handful of IPs. Not sure if the WebAir IPs have been compromised or if they are "owned" by baddies.

IP/Ranges today:

74.206.229.132 : 74.206.224.0 - 74.206.255.255
209.200.10.200 : 209.200.0.0 - 209.200.63.255

These are using IPs I've never come across before, such as unknown BR IP ranges (i.e. they have not shown up in my logs before).

Anyone here using WebAir hosting?

 

upside




msg:4413121
 4:28 pm on Feb 1, 2012 (gmt 0)

webair.com is a hosting provider. I block them and all hosting provider ranges. I've seen a typical pattern of bad traffic from them such as fake Googlebots and the like.

wilderness




msg:4413196
 6:57 pm on Feb 1, 2012 (gmt 0)

I've had this denied since 2008

RewriteCond %{REMOTE_ADDR} ^209\.200\.([0-9]|[1-5][0-9]|6[0-3])\.

dstiles




msg:4413251
 9:36 pm on Feb 1, 2012 (gmt 0)

The point isn't blocking webair - I've been doing that for years.

My point is: they are using compromised broadband IPs as proxies - i.e. the IP only shows in the FWD_FOR header. Which I've also been blocking for a long time, depending on the FWD IP, but which I've noticed quite a bit for this one company (found another IP from them just after posting).

I reported elsewhere that this is a general problem, with a variety of (probably) compromised servers calling the shots. This is a specific persistent source: WebAir.
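The pattern described above (a connecting address outside the blocked ranges, with the hosting-range address appearing only in the forwarded-for header) can be picked out of logs as follows. This is an added example, not code from any poster in the thread; it assumes "FWD_FOR" means the X-Forwarded-For header, and the tab-separated log layout, function names and sample lines are constructed for illustration.

```python
import ipaddress

# First/last addresses of the two ranges posted in the thread.
WATCHED_RANGES = [
    ("74.206.224.0", "74.206.255.255"),
    ("209.200.0.0", "209.200.63.255"),
]
WATCHED_NETS = [
    net
    for first, last in WATCHED_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
]

def parse_xff(header):
    """Return valid IPs from an X-Forwarded-For value; skip 'unknown', '-', ip:port, etc."""
    hops = []
    for token in header.split(","):
        try:
            hops.append(ipaddress.ip_address(token.strip()))
        except ValueError:
            continue
    return hops

def in_watched(ip):
    return any(ip in net for net in WATCHED_NETS)

def flag_forwarded(log_lines):
    """Return (remote_addr, forwarded_ip) pairs where only the forwarded IP is watched."""
    hits = []
    for line in log_lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 2:
            continue
        try:
            remote_ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        if in_watched(remote_ip):
            continue  # a plain REMOTE_ADDR rule already covers this request
        # The header is client-supplied, so a match is a signal, not proof of origin.
        match = next((h for h in parse_xff(parts[1]) if in_watched(h)), None)
        if match is not None:
            hits.append((parts[0], str(match)))
    return hits

# Constructed sample: remote_addr <TAB> X-Forwarded-For <TAB> request
SAMPLE_LOG = [
    "203.0.113.45\t74.206.229.132\tGET /",
    "198.51.100.7\tunknown, 209.200.10.200\tGET /page",
    "198.51.100.9\t-\tGET /",
    "209.200.10.200\t-\tGET /",
    "203.0.113.80\t192.0.2.10\tGET /",
]
```
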

wilderness




msg:4413265
 10:11 pm on Feb 1, 2012 (gmt 0)

dstiles,
There are quite a few major internet providers in the US that have open proxies, and despite the providers being aware of the issues it creates for spammers and botnets, the proxies remain open. Go figure!
