| 1:46 am on Jul 13, 2012 (gmt 0)|
This is what I have for ChinaCache:
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
These ranges all earned their block through various bad behavior, however I cannot define exactly what the term ChinaCache means. Is it truly a caching service used by valid networks similar to AOL? Or is it an anything goes term more like YahooCache that gets sold to the highest bidder?
| 1:50 am on Jul 13, 2012 (gmt 0)|
Yeowch! I'd only got them down for 69.28.58. The whole 48/20 eh?
I have never had the slightest idea what ChinaCache does. (Does anyone?) I just ban 'em on principle.
| 2:12 am on Jul 13, 2012 (gmt 0)|
CHINACACHE-2 (NET-209-177-80-0-1) 220.127.116.11 - 18.104.22.168
Believe they are just server farms.
The lower ip of keyplr's frst range is a sub-net to a North American based corp:
NeuSky Technologies Inc CNA-LA-NSK-001 (NET-65-255-32-0-2) 22.214.171.124 - 126.96.36.199
I had the three you folks agreed upon denid from an April 6th Nutch request [webmasterworld.com].
Getting ready to add in the 209.177...
| 7:28 pm on Jul 13, 2012 (gmt 0)|
I posted a bit about them a couple of years ago.
They were (are?) the processors behind TalkTalk's so-called anti-virus tool that comes calling on web sites AFTER the poor sap has downloaded (and presumably been trojanned by) a web page.
I have 188.8.131.52 - 184.108.40.206 blocked in the server's firewall for excessive activity.
The 106/8 range has only recently been allocated (Jan 2011) and I didn't see 220.127.116.11/15 until April this year.
Refs (at least these) (I searched on ixquick for webmasterworld talktalk):
| 8:50 pm on Jul 13, 2012 (gmt 0)|
I actually had two IP ranges for them, didn't know about the others.
Off to install the Great Firewall of ChinaCache
| 10:04 pm on Jul 14, 2012 (gmt 0)|
Not sure how true this is - there is some indication it may be a panic attack. From memory and checking back on earlier threads hereabouts (see above) I think Huawei is involved with chinacache - they were certainly involved with talktalk.
"...former Pentagon analyst F. Michael Maloof claims that two mainland Chinese companies: Huawei and ZTE Technologies are providing the Chinese government with the ability to access deployed equipment and services, which are used by 45 of the top 50 telecommunications centers in the world. This, Maloof argues, gives the Chinese government and People’s Liberation Army unbridled, backdoor access into data and proprietary information belonging to some 140 nations."
IF it is true then we're doomed. Not that the internet isn't a total mess anyway, with almost every phone, web browser, web tool and general computer software full of compromises and loopholes and its very protocol complete exploitable rubbish. Reports that USA-overflying drones will soon be seen and have major exploit holes; even our (UK) electricity meters will soon be internetted and then we're really stuffed. :(
| 12:26 am on Jul 15, 2012 (gmt 0)|
If you really want to be paranoid, think only of what proportion of your home electronics was made in China ;)
Or look for something that was not made in China. That's faster.
| 7:45 pm on Jul 15, 2012 (gmt 0)|
But most of my home electronics was a) built before China became a source for such things and b) only the computers (currently) connect to the internet. :)
| 3:32 pm on Aug 26, 2012 (gmt 0)|
Further to Chinacache:
I noticed a bad hit today on an IP range new to me...
This resolved to ChinaCache in China, declared in DNS in short sub-ranges. It may not be an offensive botrunner, although the actual hit had a bad UA and hit half a dozen times in the past 6 weeks, but I've tagged the full range as "servers" through nostalgia. :)
UA: Mozilla/4.76 [en] (Windows NT 5.0; U)
(Netscape on Windows 2000?)
Beijing Blue I.T Technologies Co.,Ltd.
Galaxy Building,No.10 jiuxianqiao ,chaoyang
Please contact (name)@chinacache dot com if you have any Questions regarding this object.
| 9:15 pm on Aug 26, 2012 (gmt 0)|
:: detour to htaccess ::
Ouch! Thanks for that. I thought I'd blocked everything from China sized /16 on up but somehow missed most of 223.
:: further shuffling of papers ::
If I've got them labeled right, that's
Pity about those blasted Australians, or English-language sites could just block APNIC in merry /8 slabs ;)
| 8:57 pm on Aug 27, 2012 (gmt 0)|
I find there are good and bad chinese ranges. Some give me no trouble, other ranges are continually having IPs blocked.
Best I can come up with at present is by district. Some chinese districts seem - not lawless, perhaps, but at least careless at getting infected.
My response is to block all (known) chinese ranges on some sites but let other sites fend for themselves (obviously depending on various other traps set). If a range gets a high blocked-IP count the /16 or whatever is banned completely.
I do try to be fair. :)
Re: /8 blocking - I think IANA have a lot to answer for. Along with most internet practices and protocols, it's not very clever. Somewhere around the mid-1990s it should all have been scrapped and proper mechanisms, ranges, protocols etc put in place. Bit late, now, although ipv6 may answer a few minor criticisms. Plus ALL DNS registrations should be forced to declare purpose (DLS, server etc) and NO IP range should be registered using hotmail/gmail/yahoo/etc addresses (unless, obviously, the range belongs to those companies). And ALL companies should be compelled to declare their mail server IPs so I can whitelist the darn things. Etc. :(
| 7:10 pm on Aug 28, 2012 (gmt 0)|
Hello from a blasted Australian. :)
Until the late 1990s we had AUNIC with its own delegated super slice of 203 (18.104.22.168 - 22.214.171.124 IIRC), so detecting an Aussie was reasonably easy. There were still a few webmasters that thought blocking 126.96.36.199/8 was the easy answer to getting rid of Chinese IPs, though.
Things are nowhere near as simple these days now that APNIC allocates IPs for members located throughout the entire Asia Pacific region, so blocking Chinese or other unwanted asian IPs needs to be done on a per allocation basis.
FWIW I've been having lots of problems with scrapers from Chinese IPs that present a 'zh' (Chinese) browser language. I set up my auto-blacklist code (which looks for fingerprints such as loads with blank referers, cookies disabled, or a changing user-agent each fetch) to have a much lower threshold in this case.
| 7:37 pm on Aug 28, 2012 (gmt 0)|
|Hello from a blasted Australian. |
The task is much simpler if you just bunch the Aussies and Kiwis into the same group, despite their indifference's ;)
In 2002 the major Class A's were (14|144|20|21|61), (with specific sub-classes) which has changed considerably in a decade.
These days the numbers are all over the place.
| 7:33 pm on Dec 1, 2012 (gmt 0)|
New ChinaCache range today:
188.8.131.52 - 184.108.40.206
ChinaCache North America, Inc
| 8:45 pm on Dec 1, 2012 (gmt 0)|
ChinaCache is a content delivery, streaming media, cloud computing service provider in China.
| 8:57 pm on Dec 1, 2012 (gmt 0)|
220.127.116.11 US Los Angeles, California, United States9001534.0396, -118.2661
ChinaCache North America Kunlun Games