homepage Welcome to WebmasterWorld Guest from 54.204.58.87
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

This 103 message thread spans 4 pages: < < 103 ( 1 [2] 3 4 > >     
Server Farms - May 2013
Ongoing Hosting Data Center Discussion
incrediBILL




msg:4570885
 8:14 pm on May 5, 2013 (gmt 0)

Continuation of the March 2013 thread:
[webmasterworld.com...]

 

keyplyr




msg:4579745
 7:25 am on May 31, 2013 (gmt 0)



DataShack.net servers
142.54.160.0 - 142.54.191.255
142.54.160.0/19

blend27




msg:4580100
 7:52 am on Jun 1, 2013 (gmt 0)

SQL Injection 'probes, attempts' from 46.246.33.52 (anon-33-52.vpn.ipredator.se)

inetnum: 46.246.32.0 - 46.246.63.255
netname: PRIVACTUALLY-NET
route: 46.246.0.0/17

Parent DS ranges: Portlane Networks AB, Sweden: [bgp.he.net...]

We don't do orange on our servers, sorry.

keyplyr




msg:4580122
 11:04 am on Jun 1, 2013 (gmt 0)


Thanks blend27. I block all anonymous proxy ranges. Didn't have this one.

keyplyr




msg:4580300
 8:23 am on Jun 2, 2013 (gmt 0)

Another Datashack
192.151.144.0 - 192.151.159.255
192.151.144.0/20

Also a new (for me) FDCservers: 50.7/16

Which brings my list to:

50.7.0.0 - 50.7.255.255
50.7.0.0/16

66.90.64.0 - 66.90.127.255
66.90.64.0/18

67.159.0.0 - 67.159.63.255
67.159.0.0/18

76.73.0.0 - 76.73.127.255
76.73.0.0/17

wilderness




msg:4580330
 11:14 am on Jun 2, 2013 (gmt 0)

198.211.103.85 - - [02/Jun/2013:03:04:40 -0600] "GET / HTTP/1.1" 403 775 "-" "-"

Digital Ocean, Inc.
DIGITALOCEAN-2 192.34.56.0 - 192.34.63.255 192.34.56.0/21
DIGITALOCEAN-3 192.81.208.0 - 192.81.223.255 192.81.208.0/20
DIGITALOCEAN-5 198.199.64.0 - 198.199.127.255 198.199.64.0/18
DIGITALOCEAN-4 198.211.96.0 - 198.211.127.255 198.211.96.0/19
DIGITALOCEAN-1 208.68.36.0 - 208.68.39.255 208.68.36.0/22
DIGITALOCEAN-V6-1 2604:A880:: - 2604:A880:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

dstiles




msg:4580363
 4:54 pm on Jun 2, 2013 (gmt 0)

New softlayer range, registered January...

192.155.192.0 - 192.155.255.255
192.155.192.0/18

Datashack - I have
142.54.160.0 - 142.54.191.255
192.151.144.0 - 192.151.159.255
198.204.224.0 - 198.204.255.255

FDC Servers...

50.7.0.0 - 50.7.255.255
66.90.64.0 - 66.90.127.255
67.159.0.0 - 67.159.63.255
74.63.64.0 - 74.63.127.255
76.73.0.0 - 76.73.127.255
108.179.64.0 - 108.179.127.255
204.45.0.0 - 204.45.255.255
208.53.128.0 - 208.53.191.255

Digital Ocean...
82.196.0.0 - 82.196.15.255
185.14.184.0 - 185.14.187.255
192.34.56.0 - 192.34.63.255
192.81.208.0 - 192.81.223.255
198.199.64.0 - 198.199.127.255
198.211.96.0 - 198.211.127.255
208.68.36.0 - 208.68.39.255

keyplyr




msg:4583371
 8:32 am on Jun 12, 2013 (gmt 0)


Fibergrid/Webexxpurts
151.237.184.0 - 151.237.185.255
151.237.184.0/23

dstiles




msg:4583556
 6:26 pm on Jun 12, 2013 (gmt 0)

My list of Webexxpurts...

5.34.240.0 - 5.34.247.255
37.72.184.0 - 37.72.191.255
37.203.208.0 - 37.203.215.255
46.29.248.0 - 46.29.255.255
130.185.156.0 - 130.185.159.255
151.237.176.0 - 151.237.191.255
176.61.136.0 - 176.61.143.255
178.216.48.0 - 178.216.55.255
185.3.132.0 - 185.3.135.255

Mix of Sweden, Estonia and USA.

Not sure where fibregrid comes into it?

keyplyr




msg:4583562
 6:54 pm on Jun 12, 2013 (gmt 0)



Fibergrid is subleasing the 151.237.185.0/24 of Webexxpurts and caught scraping an entire site of mine. Thanks for the Webexxpurts ranges.

blend27




msg:4588930
 1:09 pm on Jun 30, 2013 (gmt 0)

inetnum: 81.7.13.0 - 81.7.13.255
netname: EUSERV-SRV-NET21
descr: EUserv Internet
descr: Customer Network #21
descr: Dedicated Rootserver Network

I am sure there are other ranges.

Caught trying to access honey pot.

81.7.13.161 - /foxyfrot - 403 - Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0

dstiles




msg:4589326
 7:04 pm on Jul 1, 2013 (gmt 0)

The full range 81.7.0.0/18 belongs to (or is tagged as) ISPpro Internet of Germany. I have the following for ISPpro...

81.7.0.0 - 81.7.63.255
81.89.96.0 - 81.89.111.255
85.31.184.0 - 85.31.191.255
91.143.80.0 - 91.143.95.255

Firefox 6 is WAY out of date and probably a bot of some kind.

keyplyr




msg:4589394
 11:09 pm on Jul 1, 2013 (gmt 0)

@ dstiles re: ISPpro

Looks like broadband mixed in with web servers (much like Comcast.) Are you pinging for ports to tell the difference or just blocking categorically?

dstiles




msg:4589657
 6:59 pm on Jul 2, 2013 (gmt 0)

You could be right but there are several open-port IPs in the random tests I made. Ports I've seen include HTTP/HTTPS, POP3 and SMTP, FTP and others. Those ports say to me server.

If it's a mixed range then tough on the DSL users: they should find a better-split provider. Even if the ranges are static IPs, there is not enough separation between hard-core users who send out bots and "genuine" DSL users.

I dislike and distrust ALL comcast hits but I have to leave them open for one of my customers. In the past 2 years I've logged over 1200 comcast "idiotic hits". On the other hand my customer has received some orders from those ranges. :(

dstiles




msg:4589659
 7:01 pm on Jul 2, 2013 (gmt 0)

Another Rackspace range hit me today, a Cloud based at:

162.13.0.0 - 162.13.15.255

wilderness




msg:4589858
 12:11 pm on Jul 3, 2013 (gmt 0)

Servepath/GoGrid

There are mentions in two threads (one recent and one old):

08.113.98.149 - - [03/Jul/2013:04:14:40 -0600] "GET /robots.txt HTTP/1.1" 200 1907 "-" "FlightDeckReportsBot/2.0 (http://www.flightdeckreports.com/pages/bot)"

Cloud Hosting and Dedicated server.

SERVEPATH-BLK5 173.1.0.0 - 173.1.255.255 173.1.0.0 - 173.1.255.255
SERVEPATH-BLK6 204.51.128.0 - 204.51.255.255 204.51.128.0/17
SERVEPATH-BLK3 208.96.0.0 - 208.96.63.255 208.96.0.0/18
SERVEPATH-BLK3 208.113.64.0 - 208.113.127.255 208.113.64.0/18
SERVEPATH-BLK5 216.121.0.0 - 216.121.127.255 216.121.0.0/17
ERVEPATH 216.93.160.0 - 216.93.191.255 216.93.160.0/19
SERVEPATH-BLK4 64.151.64.0 - 64.151.127.255 64.151.64.0/18
SERVEPATH-BLK2 69.59.128.0 - 69.59.191.255 69.59.128.0/18
SERVEPATH-IPV6 2607:F680:: - 2607:F680:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

dstiles




msg:4589996
 6:58 pm on Jul 3, 2013 (gmt 0)

I have all of those as servepath but I have gogrid separately:

74.3.192.0 - 74.3.255.255
164.40.128.0 - 164.40.159.255 (NL)
173.204.0.0 - 173.204.255.255
173.244.64.0 - 173.244.79.255

keyplyr




msg:4590049
 8:32 pm on Jul 3, 2013 (gmt 0)



173.1.0.0 - 173.1.255.255
173.1.0.0/16
I have as GoGrid

wilderness




msg:4590067
 9:11 pm on Jul 3, 2013 (gmt 0)

From their website FAQ:

"Is ServePath being acquired?

Absolutely not, ServePath and GoGrid have always been the same company; we are just changing our name."
end of quote

Thanks for the heads up guys.
Looking further, located these North American ranges that cover both names:
GOGRID-BLK3 173.204.0.0 - 173.204.255.255 173.204.0.0/16
GOGRID-BLK3 173.244.64.0 - 173.244.79.255 173.244.64.0/20
GOGRID-BLK1 74.3.192.0 - 74.3.255.255 74.3.192.0/18

dstiles




msg:4590370
 7:55 pm on Jul 4, 2013 (gmt 0)

So gogrid is a new name for servepath or the other way around? Either way, I'm not really concerned: they are both blocked. :)

wilderness




msg:4590926
 1:28 am on Jul 7, 2013 (gmt 0)

There's multiple references to this, and even comes up in the search results advertising ;)

OrgName: Lunar Pages (ADD2NET-DOT-COM)
64.50.180.203 - - [06/Jul/2013:07:54:32 -0600] "GET /MyFolder/ HTTP/1.1" 200 7286 "-" "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)"

No other requests!

ADDD2NET-DOT-COM 209.200.224.0 - 209.200.255.255 209.200.224.0/19
ADDD2NET-DOT-COM 216.227.208.0 - 216.227.223.255 216.227.208.0/20
ADD2NET-DOT-COM 216.97.224.0 - 216.97.239.255 216.97.224.0/20
ADD2NET-DOT-COM 64.50.160.0 - 64.50.191.255 64.50.160.0/19
ADD2NET-DOT-COM 66.102.128.0 - 66.102.143.255 66.102.128.0/20
ADD2NET-DOT-COM 67.210.96.0 - 67.210.127.255 67.210.96.0/19
ADDD2NET-DOT-COM 74.50.0.0 - 74.50.31.255 74.50.0.0/19
ADD2NET-DOT-COM 2606:BD00:: - 2606:BD00:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

lucy24




msg:4591037
 10:29 pm on Jul 7, 2013 (gmt 0)

The dreaded Mixed Service IP, hot off the presses:

27.106.43.122 - - [07/Jul/2013:10:19:12 -0700] "GET /directory/page.html HTTP/1.1" 200 19055 "http://www.webmasterworld.com/profilev4.cgi?action=view&member=lucy24" "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0"

HARRUMPH!

Free lookup says 27.106.0.0/17 is Syscon Infoway, based in Mumbai, which professes to be-- and probably is-- an ISP.

keyplyr




msg:4591250
 7:13 pm on Jul 8, 2013 (gmt 0)



Buyurl
217.195.202.0 - 217.195.202.127
217.195.202.0/25

keyplyr




msg:4591392
 3:36 am on Jul 9, 2013 (gmt 0)


ELAN, Poland
91.236.74.0 - 91.236.75.255
91.236.74.0/23

lucy24




msg:4591675
 1:07 am on Jul 10, 2013 (gmt 0)

And now the good news...

For ages I'd had
91.201.64.0/22 ("bulletproof-web", Russia)
blocked on grounds of general robotitude.

Guess it wasn't as bulletproof as they thought; the range currently seems to be unassigned. RIPE being RIPE, you would expect this situation to last five or ten minutes, tops. But they may have closed up shop as long as six months ago.

keyplyr




msg:4591683
 2:17 am on Jul 10, 2013 (gmt 0)


DonEkoService
91.201.64.0 - 91.201.67.255
91.201.64.0/22

I've had bad hits coming from this range in the past.

dstiles




msg:4591937
 7:45 pm on Jul 10, 2013 (gmt 0)

Lucy - I had that range listed as MHost but yes, not currently allocated, it seems. It's possible it fell to the latest round of exploiter shut-downs - there has been a fair amount of activity in recent months, causing a flurry of new bot activity from those attempting to create more robust botnets.

Following up through ixquick and entering the starting IP brings up a result from nanog which states the range was hijacked last August from DonEkoService (which they say was dodgy anyway). Maybe it was just reclaimed by RIPE.

not2easy




msg:4592360
 6:20 am on Jul 12, 2013 (gmt 0)

A new (for me anyway) DataShack just showed up July 7:
74.91.16.0 - 74.91.31.255 74.91.16.0/20
74.91.18.224 - 74.91.18.231 74.91.18.224/29

UA: -

keyplyr




msg:4592406
 8:55 am on Jul 12, 2013 (gmt 0)

@not2easy Thanls for the DataShack

Amernet cloud & VoIP
209.21.64.0 - 209.21.95.255
209.21.64.0/19

not2easy




msg:4592499
 4:37 pm on Jul 12, 2013 (gmt 0)

Another one: GO-DADDY-NETHERLANDS-BV
146.255.32.0 - 146.255.35.255
I blocked the whole 146.255.0.0/16 because this is a sub-range in NetRange: 146.255.0.0 - 146.255.255.255 and found on a non public site and they were trying very hard to do sql injections. UA: "T34m 0x68583052" another scan from this IP had UA: "-"

From WIRESIX: 98.142.208.0 - 98.142.223.255 98.142.208.0/20
UA: "Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2"

From TEDE-LLU: 95.112.0.0 - 95.115.255.255 95.112.0.0/13
UA: "Java/1.7.0_07"

From SOFTLAYER-4-3: 75.126.0.0 - 75.126.255.255 75.126.0.0/16
UA: "Python-urllib/1.17"

From AFOCELCA (Portugal):213.58.195.224 - 213.58.195.231 213.58.192.0/21
"GET /w00tw00t.at.ISC.SANS.Win32:) HTTP/1.1" 400 289 "-" "-"
No UA, the requested file is not on this server but I get a lot of requests for it, it must be popular...and vulnerable.

keyplyr




msg:4592532
 5:47 pm on Jul 12, 2013 (gmt 0)

Another one: GO-DADDY-NETHERLANDS-BV
146.255.32.0 - 146.255.35.255
I blocked the whole 146.255.0.0/16 because this is a sub-range in NetRange: 146.255.0.0 - 146.255.255.255

Thanks for the GDaddy range. However, I would reconsider blocking the /16. There *are* public areas in there. For example:
Surebroadband
146.255.0.0 - 146.255.0.127

dstiles




msg:4592573
 7:39 pm on Jul 12, 2013 (gmt 0)

I have a wider range for the datashack range. My full set of datashack is:

74.91.16.0 - 74.91.31.255
142.54.160.0 - 142.54.191.255
192.151.144.0 - 192.151.159.255
198.204.224.0 - 198.204.255.255

keyplr:
Are you sure about amernet being a cloud? I have it down as DSL and all IPs I've checked (admittedly not that many!) have closed ports.

not2easy:
My godaddy ranges currently stand at:

50.62.0.0 - 50.63.255.255
64.202.160.0 - 64.202.191.255
68.178.128.0 - 68.178.255.255
72.167.0.0 - 72.167.255.255
97.74.0.0 - 97.74.255.255
118.139.160.0 - 118.139.191.255
146.255.32.0 - 146.255.47.255
160.153.0.0 - 160.153.255.255
173.201.0.0 - 173.201.255.255
182.50.128.0 - 182.50.159.255
184.168.0.0 - 184.168.255.255
188.121.32.0 - 188.121.63.255
203.124.96.0 - 203.124.127.255
208.109.0.0 - 208.109.255.255
216.69.128.0 - 216.69.191.255

wiresix (blocked):

66.71.240.0 - 66.71.255.255
98.142.208.0 - 98.142.223.255

softlayer (blocked):

5.153.0.0 - 5.153.63.255
50.22.0.0 - 50.23.255.255
50.97.0.0 - 50.97.255.255
66.228.112.0 - 66.228.127.255
67.228.0.0 - 67.228.255.255
74.86.0.0 - 74.86.255.255
75.126.0.0 - 75.126.255.255
108.168.128.0 - 108.168.255.255
119.81.0.0 - 119.81.255.255
159.253.128.0 - 159.253.159.255
173.192.0.0 - 173.193.255.255
174.36.0.0 - 174.37.255.255
192.155.192.0 - 192.155.255.255
192.169.48.0 - 192.169.63.255
198.58.80.0 - 198.58.95.255
208.43.0.0 - 208.43.255.255
208.101.0.0 - 208.101.63.255

keyplr:

Surebroadband is actually 146.255.0.0/20 and it's UK. There are several /20 ranges in that /16 and I have three DSL and three Server in the database.

This 103 message thread spans 4 pages: < < 103 ( 1 [2] 3 4 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved