
Search Engine Spider and User Agent Identification Forum

    
good riddance to bad robots
lucy24
msg:4584533
11:46 pm on Jun 15, 2013 (gmt 0)

For people looking to fatten their Deny lists, here's the result of some recent housecleaning. I'm currently afflicted by two botnets that I know as the "indexphp botnet" and the "hovercraft" botnet because of their site-specific behavior. No idea what the robots' underlying script is; obviously they haven't singled me out among all the world's billions of www sites :)

5.34.242.18 and ..20
>>
5.34.240.0/21 Sweden, may be some kind of proxy, assigned to "webexxpurts" (sic) belonging to one Deepak Mehta with address in Tallinn, no country specified. ("That's funny! You don't look Estonian.")

62.113.213.244 (exact but repeated)
>>
62.113.192.0/18 Germany 23media and/or NodeDeploy (Something about the name element "Node" makes me instantly suspicious.)

108.163.248.18 and ..250.75
>>
108.163.192.0/18 Singlehop (can you put "Singlehop" and "benefit of the doubt" into the same sentence?)

130.185.156.226
>>
130.185.152.0/21 assorted places involving... well, fancy that. Two different people don't know how to spell "experts", and they both have the same name (in fairness, there do exist men in English-speaking countries whose name truly is John Smith) and live at the same address in Tallinn. Guess he assumes IANA knows what country it's in.

173.213.97.249 and ..113.252
>>
173.213.64.0/18 US Eonix Corp., hosting and colo, nuff said

178.238.131.94
>>
78.238.131.88/29
Bit of a headscratcher here. Do we go with UK (BurstNet) or further east (packetlabs.ro) or still further east (address entirely in Chinese, and it's not because browser has inadvertently changed to UTF-16).
>>
Aah, the heck with it, let's just lock out the whole
178.238.128.0/20

198.2.204.73 and ..204.145
>>
198.2.192.0/18 PegTech range mentioned elsewhere. The exact area 204.72-79 seems to belong to someone in China, but not worth investigating closer.

198.27.80.111
>>
198.27.64.0/18 OVH Montreal (I cannot get the initials O,V,H to stand for "Francophone robot" but that seems to be what it means)

198.52.240.36 and ..46
>>
198.52.128.0/17 Avante Hosting, somewhere in Canada. This is a recently opened range. Don't have exact dates, but a few months ago it was on my bogons list.

198.143.143.44 and ..159.79
>>
198.143.128.0/18 Singlehop. Yawn.

199.48.164.41
>>
199.48.160.0/21 (NodesDirect, see above about name elements that can only cause suspicion) but it turns out I've met other robots from the neighborhood so let's proceed directly to
>>
199.48.128.0/18

217.76.196.234
>>
217.76.192.0/20 T.E.S.T. Where would a botnet be without a Ukrainian?

217.195.202.2, ..9, ..12, ..14, ..16
>>
very active neighborhood, unique in offering representatives of both my current botnets. Another head-scratcher, because it goes back to
217.195.192.0/20
in an apparently human Turkish range, and I do meet the occasional human from Turkey, so let's compromise with
>>
217.195.202.0/25
which looks as if it's sublet to someone in Austria.
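
A deny-list audit for entries written the way the post above writes them, as an added example that is not part of the original thread: it expands the "..20" shorthand, checks that every observed address falls inside the range chosen for it, and collapses overlapping ranges. The names `SAMPLE`, `expand` and `audit` are hypothetical, the sample pairs are constructed from lines of the post, and reading ".." as "replace the trailing octet(s)" is an assumption.

```python
import ipaddress
import re

# Constructed sample: (observed addresses, range) pairs copied from the post as they appear.
SAMPLE = [
    ("5.34.242.18 and ..20", "5.34.240.0/21"),
    ("108.163.248.18 and ..250.75", "108.163.192.0/18"),
    ("178.238.131.94", "78.238.131.88/29"),
    ("178.238.131.94", "178.238.128.0/20"),
    ("199.48.164.41", "199.48.160.0/21"),
    ("199.48.164.41", "199.48.128.0/18"),
    ("217.195.202.2, ..9, ..12, ..14, ..16", "217.195.202.0/25"),
]


def expand(observed):
    """Expand shorthand: '..20' or '..250.75' replaces the trailing octet(s)
    of the first address on the line (assumed meaning of the notation)."""
    tokens = re.split(r"\s*(?:,|\band\b)\s*", observed.strip())
    base = tokens[0].split(".")
    addresses = [ipaddress.ip_address(tokens[0])]
    for tok in tokens[1:]:
        tail = tok.lstrip(".").split(".")
        addresses.append(ipaddress.ip_address(".".join(base[:4 - len(tail)] + tail)))
    return addresses


def audit(entries):
    """Return (deny_networks, uncovered).

    deny_networks: the ranges with overlaps collapsed, sorted.
    uncovered: observed addresses that are not inside the range paired with them.
    """
    nets, uncovered = [], []
    for observed, cidr in entries:
        # strict=True raises ValueError if the range has host bits set
        net = ipaddress.ip_network(cidr, strict=True)
        nets.append(net)
        uncovered += [ip for ip in expand(observed) if ip not in net]
    return list(ipaddress.collapse_addresses(nets)), uncovered


if __name__ == "__main__":
    deny, uncovered = audit(SAMPLE)
    for net in deny:
        print("deny", net)
    for ip in uncovered:
        print("not covered by its paired range:", ip)
```
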

 

dstiles
msg:4584663
7:16 pm on Jun 16, 2013 (gmt 0)

Thanks, Lucy.

I had all but two of those ranges blocked; extras now added.



And thanks for starting an IP on its own line: makes it much easier and quicker to paste the IP into my database, even with the extras after it! :)

motorhaven
msg:4585020
6:25 pm on Jun 17, 2013 (gmt 0)

Thanks. Checked them all and already have them all blocked... so feeling better about keeping on top of these cesspools.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved