homepage Welcome to WebmasterWorld Guest from 23.20.63.27
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
checks.panopta.com User Agent
Another site monitor
grandma genie




msg:4549179
 8:20 pm on Feb 26, 2013 (gmt 0)

Hello all,

Caught this bot checking out my site:

5.63.145.nn - - [26/Feb/2013:03:08:22 -0500] "HEAD / HTTP/1.1" 301 - "-" "checks.panopta.com"

Didn't like what their site had to say (a competitor monitoring my site), so blocked it in htaccess. Didn't see anything about them in a search on webmasterworld, so thought I would just pass it along for your info. So far two IPs associated with this user agent:

5.63.145.nn
67.228.49.nnn

grandma

 

keyplyr




msg:4549347
 8:26 am on Feb 27, 2013 (gmt 0)



IMO both should be blocked by range:

5.63.145.0/29 #Hosting Services, GB (5.63.145.0 - 5.63.145.7)

67.228.0.0/16 #Softlayer (67.228.0.0 - 67.228.255.255)



Also, 50.22.185.51 is registered to Panopta.com, which is:

50.22.0.0/15 #Softlayer (50.22.0.0 - 50.23.255.255)

wilderness




msg:4549353
 9:30 am on Feb 27, 2013 (gmt 0)

FWIW, I've the entire Class A 5. denied.

keyplyr




msg:4549372
 10:42 am on Feb 27, 2013 (gmt 0)



I remember, we had a discussion about it. There's huge ISPs in that A class, sonic.net & tarassul. Maybe not an asset to you, but maybe to others. Personally, I never know where traffic will start building from. 2 years ago I never got any natural human traffic from RU, now I get 3 digit daily. Sometimes they even buy stuff. China's the one I block with prejudice :)

[edited by: keyplyr at 10:48 am (utc) on Feb 27, 2013]

wilderness




msg:4549376
 10:48 am on Feb 27, 2013 (gmt 0)

sonic.net


That's them modern day versions of drive-in restaurants were the car hops wear roller skates ;)

keyplyr




msg:4549377
 10:49 am on Feb 27, 2013 (gmt 0)

Yeah, but they wear cute skirts :)

lucy24




msg:4549391
 11:35 am on Feb 27, 2013 (gmt 0)

FWIW, I've the entire Class A 5. denied.

I wish I could merrily lock out entire continents :) I stop at countries-- and so far there's only one of those. (I would love to lock out Saudi Arabia too, but I never get any visitors from there anyway so it would be amazingly pointless.)

wilderness




msg:4549404
 11:55 am on Feb 27, 2013 (gmt 0)

I wish I could merrily lock out entire continents


lucy,
when I first started using htaccess (late-1999 or 2000) my primary goal was Korea and the UK.
Once I got into the ranges, it was genuinely easier (there was no GEO databases back then) to simply expand the countries, rather than separate the IP's for these two countries from the rest.

My widget content is what's makes designation of non-benefit more tangible.

My methods are certainly NOT an option for most webmasters.

wilderness




msg:4549405
 11:58 am on Feb 27, 2013 (gmt 0)

FWIW, I've the entire Class A 5. denied.


I wish I could merrily lock out entire continents


You likely have the Class A's of 4 & 8 denied and their close to continents ;)

dstiles




msg:4549566
 7:37 pm on Feb 27, 2013 (gmt 0)

5.63.145.0/29 should be 5.63.144.0/21

keyplyr




msg:4549599
 9:23 pm on Feb 27, 2013 (gmt 0)


5.63.145.0/29 should be 5.63.144.0/21

ya, thanks

lucy24




msg:4549661
 4:46 am on Feb 28, 2013 (gmt 0)

You likely have the Class A's of 4 & 8 denied

Sad to say there are WebmasterWorld members at both locations :( Well, definitely at 4. And there are unsuspecting humans using assorted AV programs at 8. That is, AV programs that load the page before the human does; I don't hesitate to block the ones that check after the fact. ("I'm afraid you don't understand, your Majesty. The taster has to take the first bite, no matter how luscious it looks.")

keyplyr




msg:4549724
 5:47 am on Feb 28, 2013 (gmt 0)



You likely have the Class A's of 4 & 8 denied

Yes, at one time I did block:
4.0.0.0/8 #Level 3 (4.0.0.0 - 4.255.255.255)
8.0.0.0/8 #Level 3 (8.0.0.0 - 8.255.255.255)

But quickly discovered hundreds of daily humans never made it through.

I now no longer block 4 and only block a small part of 8:
8.28.16.0/23 #Level 3 (8.28.16.0 - 8.28.17.255)

a24061




msg:4565171
 8:39 am on Apr 16, 2013 (gmt 0)

Hi,
I found panopta.com in my weblogs recently, came across this thread, and added the following to .htaccess:

deny from 5.63.144.0/21
deny from 67.228.0.0/16
deny from 50.22.0.0/15


But yesterday I found a bunch of log entries like these:

ch15.lon.monitorengine.com - - [14/Apr/2013:00:43:20 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"
forever.alone.net - - [14/Apr/2013:00:43:20 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch06.slc.monitorengine.com - - [14/Apr/2013:00:43:21 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch15.lon.monitorengine.com - - [14/Apr/2013:00:58:20 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"
forever.alone.net - - [14/Apr/2013:00:58:21 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch01.slc.monitorengine.com - - [14/Apr/2013:00:58:34 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch15.lon.monitorengine.com - - [14/Apr/2013:01:13:21 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"
forever.alone.net - - [14/Apr/2013:01:13:21 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch05.slc.monitorengine.com - - [14/Apr/2013:01:13:22 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch15.lon.monitorengine.com - - [14/Apr/2013:01:28:22 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"


Any suggestions on what ranges I should block? Using `host ch05.slc.monitorengine.com` and `whois 198.105.219.56` gives a vague IP range. For now, I've added

deny from *.monitorengine.com
deny from forever.alone.net

to my .htaccess file.

keyplyr




msg:4565174
 8:58 am on Apr 16, 2013 (gmt 0)

198.105.219.56 belongs to...

Hosting Services, Utah
198.105.208.0 - 198.105.223.255
198.105.208.0/20



ch15.lon.monitorengine.com is 66.228.52.108, which belongs to...

Linode Virtual Cloud Servers
66.228.32.0 - 66.228.63.255
66.228.32.0/19



forever.alone.net is 63.251.38.176, which belongs to...

Internap.com Hosting & Datacenters, Georgia
63.251.0.0 - 63.251.255.255
63.251.0.0/16


BTW - Hosting Services, Linode and Internap all have other ranges. These have been listed here in WW forums and can be found using the Search.

And just a FYI, referrers can (and often are) easily be spoofed.

wilderness




msg:4565242
 1:52 pm on Apr 16, 2013 (gmt 0)

FWIW, unless you've your own server and have your logs intentionally configured to display in this manner?

ch01.slc.monitorengine.com - - [14/Apr/2013:00:58:34 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"

Rather, if your on shared hosting, the reason the logs dispaly in this manner is because the deny from's are enclosed in a container.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved