homepage Welcome to WebmasterWorld Guest from 54.234.141.47
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
ChinaCache North America
incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4475191 posted 1:32 am on Jul 13, 2012 (gmt 0)

NetRange: 69.28.48.0 - 69.28.63.255

Looking for any intel on this operation as I'm seeing quite a bit of roque stuff coming from ChinaCache.

 

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4475191 posted 1:46 am on Jul 13, 2012 (gmt 0)


This is what I have for ChinaCache:

65.255.32.0 - 65.255.47.255
65.255.32.0/20

69.28.48.0 - 69.28.63.255
69.28.48.0/20

106.48.0.0 - 106.49.255.255
106.48.0.0/15

These ranges all earned their block through various bad behavior, however I cannot define exactly what the term ChinaCache means. Is it truly a caching service used by valid networks similar to AOL? Or is it an anything goes term more like YahooCache that gets sold to the highest bidder?

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4475191 posted 1:50 am on Jul 13, 2012 (gmt 0)

Yeowch! I'd only got them down for 69.28.58. The whole 48/20 eh?

I have never had the slightest idea what ChinaCache does. (Does anyone?) I just ban 'em on principle.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4475191 posted 2:12 am on Jul 13, 2012 (gmt 0)

Here's another
CHINACACHE-2 (NET-209-177-80-0-1) 209.177.80.0 - 209.177.95.255

Believe they are just server farms.

The lower ip of keyplr's frst range is a sub-net to a North American based corp:
NeuSky Technologies Inc CNA-LA-NSK-001 (NET-65-255-32-0-2) 65.255.32.0 - 65.255.35.255

I had the three you folks agreed upon denid from an April 6th Nutch request [webmasterworld.com].

Getting ready to add in the 209.177...

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4475191 posted 7:28 pm on Jul 13, 2012 (gmt 0)

I posted a bit about them a couple of years ago.

They were (are?) the processors behind TalkTalk's so-called anti-virus tool that comes calling on web sites AFTER the poor sap has downloaded (and presumably been trojanned by) a web page.

I have 69.28.48.0 - 69.28.63.255 blocked in the server's firewall for excessive activity.

The 106/8 range has only recently been allocated (Jan 2011) and I didn't see 106.48.0.0/15 until April this year.

Refs (at least these) (I searched on ixquick for webmasterworld talktalk):

[webmasterworld.com...]

[webmasterworld.com...]

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4475191 posted 8:50 pm on Jul 13, 2012 (gmt 0)

Thanks guys.

I actually had two IP ranges for them, didn't know about the others.

Off to install the Great Firewall of ChinaCache

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4475191 posted 10:04 pm on Jul 14, 2012 (gmt 0)

Not sure how true this is - there is some indication it may be a panic attack. From memory and checking back on earlier threads hereabouts (see above) I think Huawei is involved with chinacache - they were certainly involved with talktalk.

"...former Pentagon analyst F. Michael Maloof claims that two mainland Chinese companies: Huawei and ZTE Technologies are providing the Chinese government with the ability to access deployed equipment and services, which are used by 45 of the top 50 telecommunications centers in the world. This, Maloof argues, gives the Chinese government and People’s Liberation Army unbridled, backdoor access into data and proprietary information belonging to some 140 nations."

https://threatpost.com/en_us/blogs/former-pentagon-analyst-warns-china-has-back-doors-global-telcos-071312

IF it is true then we're doomed. Not that the internet isn't a total mess anyway, with almost every phone, web browser, web tool and general computer software full of compromises and loopholes and its very protocol complete exploitable rubbish. Reports that USA-overflying drones will soon be seen and have major exploit holes; even our (UK) electricity meters will soon be internetted and then we're really stuffed. :(

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4475191 posted 12:26 am on Jul 15, 2012 (gmt 0)

If you really want to be paranoid, think only of what proportion of your home electronics was made in China ;)

Or look for something that was not made in China. That's faster.

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4475191 posted 7:45 pm on Jul 15, 2012 (gmt 0)

But most of my home electronics was a) built before China became a source for such things and b) only the computers (currently) connect to the internet. :)

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4475191 posted 3:32 pm on Aug 26, 2012 (gmt 0)

Further to Chinacache:

I noticed a bad hit today on an IP range new to me...

223.202.0.0/15

This resolved to ChinaCache in China, declared in DNS in short sub-ranges. It may not be an offensive botrunner, although the actual hit had a bad UA and hit half a dozen times in the past 6 weeks, but I've tagged the full range as "servers" through nostalgia. :)

IP: 223.202.8.nn
UA: Mozilla/4.76 [en] (Windows NT 5.0; U)
(Netscape on Windows 2000?)

DNS gives:
Beijing Blue I.T Technologies Co.,Ltd.
Galaxy Building,No.10 jiuxianqiao ,chaoyang
District,beijing
Please contact (name)@chinacache dot com if you have any Questions regarding this object.

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4475191 posted 9:15 pm on Aug 26, 2012 (gmt 0)

:: detour to htaccess ::

Ouch! Thanks for that. I thought I'd blocked everything from China sized /16 on up but somehow missed most of 223.

:: further shuffling of papers ::

If I've got them labeled right, that's

223.0.0.0/12
223.20.0.0/15
223.64.0.0/11
223.96.0.0/12
223.112.0.0/14
223.116.0.0/15
223.120.0.0/13
223.128.0.0/15
223.144.0.0/12
223.160.0.0/14
223.166.0.0/15
223.192.0.0/15
223.198.0.0/15
223.201
223.202.0.0/15
223.208.0.0/13
223.220.0.0/15
223.240.0.0/13
223.248.0.0/14

Pity about those blasted Australians, or English-language sites could just block APNIC in merry /8 slabs ;)

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4475191 posted 8:57 pm on Aug 27, 2012 (gmt 0)

I find there are good and bad chinese ranges. Some give me no trouble, other ranges are continually having IPs blocked.

Best I can come up with at present is by district. Some chinese districts seem - not lawless, perhaps, but at least careless at getting infected.

My response is to block all (known) chinese ranges on some sites but let other sites fend for themselves (obviously depending on various other traps set). If a range gets a high blocked-IP count the /16 or whatever is banned completely.

I do try to be fair. :)

Re: /8 blocking - I think IANA have a lot to answer for. Along with most internet practices and protocols, it's not very clever. Somewhere around the mid-1990s it should all have been scrapped and proper mechanisms, ranges, protocols etc put in place. Bit late, now, although ipv6 may answer a few minor criticisms. Plus ALL DNS registrations should be forced to declare purpose (DLS, server etc) and NO IP range should be registered using hotmail/gmail/yahoo/etc addresses (unless, obviously, the range belongs to those companies). And ALL companies should be compelled to declare their mail server IPs so I can whitelist the darn things. Etc. :(

rowan194



 
Msg#: 4475191 posted 7:10 pm on Aug 28, 2012 (gmt 0)

Hello from a blasted Australian. :)

Until the late 1990s we had AUNIC with its own delegated super slice of 203 (203.0.0.0 - 203.63.255.255 IIRC), so detecting an Aussie was reasonably easy. There were still a few webmasters that thought blocking 203.0.0.0/8 was the easy answer to getting rid of Chinese IPs, though.

Things are nowhere near as simple these days now that APNIC allocates IPs for members located throughout the entire Asia Pacific region, so blocking Chinese or other unwanted asian IPs needs to be done on a per allocation basis.

FWIW I've been having lots of problems with scrapers from Chinese IPs that present a 'zh' (Chinese) browser language. I set up my auto-blacklist code (which looks for fingerprints such as loads with blank referers, cookies disabled, or a changing user-agent each fetch) to have a much lower threshold in this case.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4475191 posted 7:37 pm on Aug 28, 2012 (gmt 0)

Hello from a blasted Australian.


rowan,
The task is much simpler if you just bunch the Aussies and Kiwis into the same group, despite their indifference's ;)

In 2002 the major Class A's were (14|144|20[23]|21[01]|61), (with specific sub-classes) which has changed considerably in a decade.
These days the numbers are all over the place.

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4475191 posted 7:33 pm on Dec 1, 2012 (gmt 0)

New ChinaCache range today:

199.190.44.0 - 199.190.47.255
ChinaCache North America, Inc

Bewenched

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4475191 posted 8:45 pm on Dec 1, 2012 (gmt 0)

Per Wiki:
ChinaCache is a content delivery, streaming media, cloud computing service provider in China.

BLEH

Bewenched

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4475191 posted 8:57 pm on Dec 1, 2012 (gmt 0)

199.190.44.0 US Los Angeles, California, United States9001534.0396, -118.2661

ChinaCache North America Kunlun Games

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved