homepage Welcome to WebmasterWorld Guest from 54.211.182.241
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

This 103 message thread spans 4 pages: < < 103 ( 1 [2] 3 4 > >     
Server Farms - May 2013
Ongoing Hosting Data Center Discussion
incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 8:14 pm on May 5, 2013 (gmt 0)

Continuation of the March 2013 thread:
[webmasterworld.com...]

 

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 7:25 am on May 31, 2013 (gmt 0)



DataShack.net servers
142.54.160.0 - 142.54.191.255
142.54.160.0/19

blend27

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 7:52 am on Jun 1, 2013 (gmt 0)

SQL Injection 'probes, attempts' from 46.246.33.52 (anon-33-52.vpn.ipredator.se)

inetnum: 46.246.32.0 - 46.246.63.255
netname: PRIVACTUALLY-NET
route: 46.246.0.0/17

Parent DS ranges: Portlane Networks AB, Sweden: [bgp.he.net...]

We don't do orange on our servers, sorry.

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 11:04 am on Jun 1, 2013 (gmt 0)


Thanks blend27. I block all anonymous proxy ranges. Didn't have this one.

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 8:23 am on Jun 2, 2013 (gmt 0)

Another Datashack
192.151.144.0 - 192.151.159.255
192.151.144.0/20

Also a new (for me) FDCservers: 50.7/16

Which brings my list to:

50.7.0.0 - 50.7.255.255
50.7.0.0/16

66.90.64.0 - 66.90.127.255
66.90.64.0/18

67.159.0.0 - 67.159.63.255
67.159.0.0/18

76.73.0.0 - 76.73.127.255
76.73.0.0/17

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 11:14 am on Jun 2, 2013 (gmt 0)

198.211.103.85 - - [02/Jun/2013:03:04:40 -0600] "GET / HTTP/1.1" 403 775 "-" "-"

Digital Ocean, Inc.
DIGITALOCEAN-2 192.34.56.0 - 192.34.63.255 192.34.56.0/21
DIGITALOCEAN-3 192.81.208.0 - 192.81.223.255 192.81.208.0/20
DIGITALOCEAN-5 198.199.64.0 - 198.199.127.255 198.199.64.0/18
DIGITALOCEAN-4 198.211.96.0 - 198.211.127.255 198.211.96.0/19
DIGITALOCEAN-1 208.68.36.0 - 208.68.39.255 208.68.36.0/22
DIGITALOCEAN-V6-1 2604:A880:: - 2604:A880:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4570883 posted 4:54 pm on Jun 2, 2013 (gmt 0)

New softlayer range, registered January...

192.155.192.0 - 192.155.255.255
192.155.192.0/18

Datashack - I have
142.54.160.0 - 142.54.191.255
192.151.144.0 - 192.151.159.255
198.204.224.0 - 198.204.255.255

FDC Servers...

50.7.0.0 - 50.7.255.255
66.90.64.0 - 66.90.127.255
67.159.0.0 - 67.159.63.255
74.63.64.0 - 74.63.127.255
76.73.0.0 - 76.73.127.255
108.179.64.0 - 108.179.127.255
204.45.0.0 - 204.45.255.255
208.53.128.0 - 208.53.191.255

Digital Ocean...
82.196.0.0 - 82.196.15.255
185.14.184.0 - 185.14.187.255
192.34.56.0 - 192.34.63.255
192.81.208.0 - 192.81.223.255
198.199.64.0 - 198.199.127.255
198.211.96.0 - 198.211.127.255
208.68.36.0 - 208.68.39.255

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 8:32 am on Jun 12, 2013 (gmt 0)


Fibergrid/Webexxpurts
151.237.184.0 - 151.237.185.255
151.237.184.0/23

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4570883 posted 6:26 pm on Jun 12, 2013 (gmt 0)

My list of Webexxpurts...

5.34.240.0 - 5.34.247.255
37.72.184.0 - 37.72.191.255
37.203.208.0 - 37.203.215.255
46.29.248.0 - 46.29.255.255
130.185.156.0 - 130.185.159.255
151.237.176.0 - 151.237.191.255
176.61.136.0 - 176.61.143.255
178.216.48.0 - 178.216.55.255
185.3.132.0 - 185.3.135.255

Mix of Sweden, Estonia and USA.

Not sure where fibregrid comes into it?

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 6:54 pm on Jun 12, 2013 (gmt 0)



Fibergrid is subleasing the 151.237.185.0/24 of Webexxpurts and caught scraping an entire site of mine. Thanks for the Webexxpurts ranges.

blend27

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 1:09 pm on Jun 30, 2013 (gmt 0)

inetnum: 81.7.13.0 - 81.7.13.255
netname: EUSERV-SRV-NET21
descr: EUserv Internet
descr: Customer Network #21
descr: Dedicated Rootserver Network

I am sure there are other ranges.

Caught trying to access honey pot.

81.7.13.161 - /foxyfrot - 403 - Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4570883 posted 7:04 pm on Jul 1, 2013 (gmt 0)

The full range 81.7.0.0/18 belongs to (or is tagged as) ISPpro Internet of Germany. I have the following for ISPpro...

81.7.0.0 - 81.7.63.255
81.89.96.0 - 81.89.111.255
85.31.184.0 - 85.31.191.255
91.143.80.0 - 91.143.95.255

Firefox 6 is WAY out of date and probably a bot of some kind.

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 11:09 pm on Jul 1, 2013 (gmt 0)

@ dstiles re: ISPpro

Looks like broadband mixed in with web servers (much like Comcast.) Are you pinging for ports to tell the difference or just blocking categorically?

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4570883 posted 6:59 pm on Jul 2, 2013 (gmt 0)

You could be right but there are several open-port IPs in the random tests I made. Ports I've seen include HTTP/HTTPS, POP3 and SMTP, FTP and others. Those ports say to me server.

If it's a mixed range then tough on the DSL users: they should find a better-split provider. Even if the ranges are static IPs, there is not enough separation between hard-core users who send out bots and "genuine" DSL users.

I dislike and distrust ALL comcast hits but I have to leave them open for one of my customers. In the past 2 years I've logged over 1200 comcast "idiotic hits". On the other hand my customer has received some orders from those ranges. :(

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4570883 posted 7:01 pm on Jul 2, 2013 (gmt 0)

Another Rackspace range hit me today, a Cloud based at:

162.13.0.0 - 162.13.15.255

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 12:11 pm on Jul 3, 2013 (gmt 0)

Servepath/GoGrid

There are mentions in two threads (one recent and one old):

08.113.98.149 - - [03/Jul/2013:04:14:40 -0600] "GET /robots.txt HTTP/1.1" 200 1907 "-" "FlightDeckReportsBot/2.0 (http://www.flightdeckreports.com/pages/bot)"

Cloud Hosting and Dedicated server.

SERVEPATH-BLK5 173.1.0.0 - 173.1.255.255 173.1.0.0 - 173.1.255.255
SERVEPATH-BLK6 204.51.128.0 - 204.51.255.255 204.51.128.0/17
SERVEPATH-BLK3 208.96.0.0 - 208.96.63.255 208.96.0.0/18
SERVEPATH-BLK3 208.113.64.0 - 208.113.127.255 208.113.64.0/18
SERVEPATH-BLK5 216.121.0.0 - 216.121.127.255 216.121.0.0/17
ERVEPATH 216.93.160.0 - 216.93.191.255 216.93.160.0/19
SERVEPATH-BLK4 64.151.64.0 - 64.151.127.255 64.151.64.0/18
SERVEPATH-BLK2 69.59.128.0 - 69.59.191.255 69.59.128.0/18
SERVEPATH-IPV6 2607:F680:: - 2607:F680:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4570883 posted 6:58 pm on Jul 3, 2013 (gmt 0)

I have all of those as servepath but I have gogrid separately:

74.3.192.0 - 74.3.255.255
164.40.128.0 - 164.40.159.255 (NL)
173.204.0.0 - 173.204.255.255
173.244.64.0 - 173.244.79.255

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 8:32 pm on Jul 3, 2013 (gmt 0)



173.1.0.0 - 173.1.255.255
173.1.0.0/16
I have as GoGrid

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 9:11 pm on Jul 3, 2013 (gmt 0)

From their website FAQ:

"Is ServePath being acquired?

Absolutely not, ServePath and GoGrid have always been the same company; we are just changing our name."
end of quote

Thanks for the heads up guys.
Looking further, located these North American ranges that cover both names:
GOGRID-BLK3 173.204.0.0 - 173.204.255.255 173.204.0.0/16
GOGRID-BLK3 173.244.64.0 - 173.244.79.255 173.244.64.0/20
GOGRID-BLK1 74.3.192.0 - 74.3.255.255 74.3.192.0/18

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4570883 posted 7:55 pm on Jul 4, 2013 (gmt 0)

So gogrid is a new name for servepath or the other way around? Either way, I'm not really concerned: they are both blocked. :)

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 1:28 am on Jul 7, 2013 (gmt 0)

There's multiple references to this, and even comes up in the search results advertising ;)

OrgName: Lunar Pages (ADD2NET-DOT-COM)
64.50.180.203 - - [06/Jul/2013:07:54:32 -0600] "GET /MyFolder/ HTTP/1.1" 200 7286 "-" "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)"

No other requests!

ADDD2NET-DOT-COM 209.200.224.0 - 209.200.255.255 209.200.224.0/19
ADDD2NET-DOT-COM 216.227.208.0 - 216.227.223.255 216.227.208.0/20
ADD2NET-DOT-COM 216.97.224.0 - 216.97.239.255 216.97.224.0/20
ADD2NET-DOT-COM 64.50.160.0 - 64.50.191.255 64.50.160.0/19
ADD2NET-DOT-COM 66.102.128.0 - 66.102.143.255 66.102.128.0/20
ADD2NET-DOT-COM 67.210.96.0 - 67.210.127.255 67.210.96.0/19
ADDD2NET-DOT-COM 74.50.0.0 - 74.50.31.255 74.50.0.0/19
ADD2NET-DOT-COM 2606:BD00:: - 2606:BD00:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4570883 posted 10:29 pm on Jul 7, 2013 (gmt 0)

The dreaded Mixed Service IP, hot off the presses:

27.106.43.122 - - [07/Jul/2013:10:19:12 -0700] "GET /directory/page.html HTTP/1.1" 200 19055 "http://www.webmasterworld.com/profilev4.cgi?action=view&member=lucy24" "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0"

HARRUMPH!

Free lookup says 27.106.0.0/17 is Syscon Infoway, based in Mumbai, which professes to be-- and probably is-- an ISP.

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 7:13 pm on Jul 8, 2013 (gmt 0)



Buyurl
217.195.202.0 - 217.195.202.127
217.195.202.0/25

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 3:36 am on Jul 9, 2013 (gmt 0)


ELAN, Poland
91.236.74.0 - 91.236.75.255
91.236.74.0/23

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4570883 posted 1:07 am on Jul 10, 2013 (gmt 0)

And now the good news...

For ages I'd had
91.201.64.0/22 ("bulletproof-web", Russia)
blocked on grounds of general robotitude.

Guess it wasn't as bulletproof as they thought; the range currently seems to be unassigned. RIPE being RIPE, you would expect this situation to last five or ten minutes, tops. But they may have closed up shop as long as six months ago.

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 2:17 am on Jul 10, 2013 (gmt 0)


DonEkoService
91.201.64.0 - 91.201.67.255
91.201.64.0/22

I've had bad hits coming from this range in the past.

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4570883 posted 7:45 pm on Jul 10, 2013 (gmt 0)

Lucy - I had that range listed as MHost but yes, not currently allocated, it seems. It's possible it fell to the latest round of exploiter shut-downs - there has been a fair amount of activity in recent months, causing a flurry of new bot activity from those attempting to create more robust botnets.

Following up through ixquick and entering the starting IP brings up a result from nanog which states the range was hijacked last August from DonEkoService (which they say was dodgy anyway). Maybe it was just reclaimed by RIPE.

not2easy

WebmasterWorld Administrator 5+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 6:20 am on Jul 12, 2013 (gmt 0)

A new (for me anyway) DataShack just showed up July 7:
74.91.16.0 - 74.91.31.255 74.91.16.0/20
74.91.18.224 - 74.91.18.231 74.91.18.224/29

UA: -

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 8:55 am on Jul 12, 2013 (gmt 0)

@not2easy Thanls for the DataShack

Amernet cloud & VoIP
209.21.64.0 - 209.21.95.255
209.21.64.0/19

not2easy

WebmasterWorld Administrator 5+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 4:37 pm on Jul 12, 2013 (gmt 0)

Another one: GO-DADDY-NETHERLANDS-BV
146.255.32.0 - 146.255.35.255
I blocked the whole 146.255.0.0/16 because this is a sub-range in NetRange: 146.255.0.0 - 146.255.255.255 and found on a non public site and they were trying very hard to do sql injections. UA: "T34m 0x68583052" another scan from this IP had UA: "-"

From WIRESIX: 98.142.208.0 - 98.142.223.255 98.142.208.0/20
UA: "Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2"

From TEDE-LLU: 95.112.0.0 - 95.115.255.255 95.112.0.0/13
UA: "Java/1.7.0_07"

From SOFTLAYER-4-3: 75.126.0.0 - 75.126.255.255 75.126.0.0/16
UA: "Python-urllib/1.17"

From AFOCELCA (Portugal):213.58.195.224 - 213.58.195.231 213.58.192.0/21
"GET /w00tw00t.at.ISC.SANS.Win32:) HTTP/1.1" 400 289 "-" "-"
No UA, the requested file is not on this server but I get a lot of requests for it, it must be popular...and vulnerable.

keyplyr

WebmasterWorld Senior Member keyplyr us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4570883 posted 5:47 pm on Jul 12, 2013 (gmt 0)

Another one: GO-DADDY-NETHERLANDS-BV
146.255.32.0 - 146.255.35.255
I blocked the whole 146.255.0.0/16 because this is a sub-range in NetRange: 146.255.0.0 - 146.255.255.255

Thanks for the GDaddy range. However, I would reconsider blocking the /16. There *are* public areas in there. For example:
Surebroadband
146.255.0.0 - 146.255.0.127

dstiles

WebmasterWorld Senior Member dstiles us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4570883 posted 7:39 pm on Jul 12, 2013 (gmt 0)

I have a wider range for the datashack range. My full set of datashack is:

74.91.16.0 - 74.91.31.255
142.54.160.0 - 142.54.191.255
192.151.144.0 - 192.151.159.255
198.204.224.0 - 198.204.255.255

keyplr:
Are you sure about amernet being a cloud? I have it down as DSL and all IPs I've checked (admittedly not that many!) have closed ports.

not2easy:
My godaddy ranges currently stand at:

50.62.0.0 - 50.63.255.255
64.202.160.0 - 64.202.191.255
68.178.128.0 - 68.178.255.255
72.167.0.0 - 72.167.255.255
97.74.0.0 - 97.74.255.255
118.139.160.0 - 118.139.191.255
146.255.32.0 - 146.255.47.255
160.153.0.0 - 160.153.255.255
173.201.0.0 - 173.201.255.255
182.50.128.0 - 182.50.159.255
184.168.0.0 - 184.168.255.255
188.121.32.0 - 188.121.63.255
203.124.96.0 - 203.124.127.255
208.109.0.0 - 208.109.255.255
216.69.128.0 - 216.69.191.255

wiresix (blocked):

66.71.240.0 - 66.71.255.255
98.142.208.0 - 98.142.223.255

softlayer (blocked):

5.153.0.0 - 5.153.63.255
50.22.0.0 - 50.23.255.255
50.97.0.0 - 50.97.255.255
66.228.112.0 - 66.228.127.255
67.228.0.0 - 67.228.255.255
74.86.0.0 - 74.86.255.255
75.126.0.0 - 75.126.255.255
108.168.128.0 - 108.168.255.255
119.81.0.0 - 119.81.255.255
159.253.128.0 - 159.253.159.255
173.192.0.0 - 173.193.255.255
174.36.0.0 - 174.37.255.255
192.155.192.0 - 192.155.255.255
192.169.48.0 - 192.169.63.255
198.58.80.0 - 198.58.95.255
208.43.0.0 - 208.43.255.255
208.101.0.0 - 208.101.63.255

keyplr:

Surebroadband is actually 146.255.0.0/20 and it's UK. There are several /20 ranges in that /16 and I have three DSL and three Server in the database.

This 103 message thread spans 4 pages: < < 103 ( 1 [2] 3 4 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved