dstiles: Over 60% of web traffic in 2013 was bots, and a large proportion of that 60% was miscreant. As an avid log-watcher I'm sure you've noticed :)
Only 40% is human traffic, and not all the 40% is virtuous.
The see-saw has tipped.
The gyro toppled.
Nerd-dom and geek-dom beckon.
So those of us who do not wish to become either, eagerly await a better filtering solution than any of us has so far employed.
Meanwhile, keep bailing folks!
A Merry Christmas to all our readers.
New Digital Ocean range
184.108.40.206 - 220.127.116.11
This was brought to light by the following UA (my )...
elefent/Elefent 1.2 (A friendly web elefent.; [elefent[.]eu...] webmaster@elefent[.]eu)
This UA was mentioned in a previous thread (now closed) as coming from an ADSL line. Obviously it has moved on.
My total Digital Ocean list is now as follows, split roughly half US and half NL...
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11
brand spankin new addition to the WeHost [webmasterworld.com] family. I always like companies that include "Host" in their name. Makes it easier.
Only registered last month, looks like, and already snuffling around a site I just set up the day before yesterday (really).
Lucy I've had that one since late 2003. Possibly the registration info was just updated.
Are you sure about the numbers? Most of 23. was bogons until recently. There are still huge gaps.
I'm not sure about anything :)
Only that my notes say...
|WeHostWebSites.com 10/20/2003 |
18.104.22.168 - 22.214.171.124
I've these three new ranges updating my May 18, 2013 reference:
NET-WEHOST-6 126.96.36.199 - 188.8.131.52 184.108.40.206/21
NET-WEHOST-7 220.127.116.11 - 18.104.22.168 22.214.171.124/20
NET-WEHOST-8 126.96.36.199 - 188.8.131.52 184.108.40.206/19
Is it possible that the 2003 range was a subnet of them-larger-backbone?
New Hetzner range: 220.127.116.11 - 18.104.22.168 (ZA)
WeHost - I have the following...
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
Three of those APPEAR recent, in that I didn't have them listed (ie they hadn't attacked me) until November/December. Perhaps they are just better managed than many. :)
Another annon service
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
Surely they have other ranges?
There's a 2012 thread by gg [webmasterworld.com], however it's for a APNIC Range.
The following are ARIN ranges:
SERVEREL 188.8.131.52 - 184.108.40.206 220.127.116.11/22
SERVEREL 18.104.22.168 - 22.214.171.124 126.96.36.199/20
SERVEREL 188.8.131.52 - 184.108.40.206 220.127.116.11/21
SERVEREL 18.104.22.168 - 22.214.171.124 126.96.36.199/21
SERVEREL 188.8.131.52 - 184.108.40.206 220.127.116.11/20
SERVEREL-IPV6-NET 2605:5B00:: - 2605:5B00:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
I don't know if they are all the same company but I have the following listed under serverel, all blocked. They are a mix of US and several european countries.
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11 18.104.22.168/22
Anyone have more?
HP Cloud Services
22.214.171.124 - 126.96.36.199
188.8.131.52 - - [25/Dec/2013:11:28:08 -0800] "GET /example.html HTTP/1.1" 200 16524 "-" "Mozilla/5.0 (Windows NT 6.0; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0"
New hetzner range:
184.108.40.206 - 220.127.116.11
And, lunging for the inside line of the year's final corner, we present a new toxic China-USA range for your delight:
18.104.22.168 - 22.214.171.124 << 126.96.36.199/18
Isn't there a list somewhere of Top Ten Things Webmasters Do Not Want To Hear, Ever?
These threads (due to the inability to link to individual submissions) have become literally worthless, at least in the reference and/or search options.
I did not check, however these CloudRadium "may" be subnets of larger Nobis Tech ranges.
CLOUDRADIUM-LA4 188.8.131.52 - 184.108.40.206 220.127.116.11/17
CLOUDRADIUM-LA3 18.104.22.168 - 22.214.171.124 126.96.36.199/16
CLOUDRADIUM-CAGE2 188.8.131.52 - 184.108.40.206 220.127.116.11/18
CLOUDRADIUM-USA 18.104.22.168 - 22.214.171.124 126.96.36.199/20
CLOUDRADIUM-LA 188.8.131.52 - 184.108.40.206 220.127.116.11/19
CLOUDRADIUM-5 18.104.22.168 - 22.214.171.124 126.96.36.199/15
CLOUDRADIUM-LA 2604:3880:: - 2604:3880:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
Thanks Mr. Wilderness, not worthless for those of us who remember Mme. Curie's error.
China seems to be buying up struggling US data centres.
"China seems to be buying up struggling US data centres."
The word "cloud" is changing the interpretation of the internet and/or networks.
Indeed; cloud = block me quick or die!
I was going to say something about CloudRadium earlier, but got in a fight with my keyboard :(
Not long ago I met an apparent human from that 188.8.131.52/18 range. I got the impression it's a proxy. Cell phone, hot on the heels of 112.79.43.abc (same UA requesting same page) which claims to be India.
|due to the inability to link to individual submissions |
Post it in the Forums Wishlist [webmasterworld.com] thread ;)
Each post does have a #anchor so there's no inherent reason posts can't be linked; it just requires a code tweak.
For comparison purposes: Earlier this year someone explained to me how a php/bb URL works. Links to a specific post end in a seemingly redundant
but there's a reason for the redundancy. The query part means "the page that contains post 123456" (php/bb forums also have a thread number, but it isn't used in this type of URL), while the fragment means the post, wherever on the page it may be.
Meanwhile at WebmasterWorld, the post directly above mine is
This can only be used for linking if you have the same posts-per-page setting that I do. You can change the "-30" part of the URL or even omit it entirely; it won't override your own prefs. I experimented. If your setting is for a higher number, the URL will take you to your page 8, which may not be the same as mine. Or to the last page of the thread, if there aren't 8 pages. So post #4634071 may or may not be present on this page. But it does have an <a name>. (Only a name. No id yet.)
the individual submission links worked for more than a decade.
You mean the part where Forums software eats any fragment links? It doesn't really matter whether it did or didn't work in the past; either way it can be (re)made to work in the future.
for the sake of clarity, in html they're called page bookmarks.
Today's webexxpurts range
:: yawn ::
Free lookup gives smaller pieces. But if 5.153.237 is one piece and 184.108.40.206/22 is another, and I already know the /21 is allocated to Sweden, I'm not going to bother looking up 236, 238 and 239.
I've had 220.127.116.11/22 blocked for a month or two... just say'n.
This a bit off-topic for this thread, however since the activity came from a farm, it fits.
Fortunately between the blank UA and the farm IP, all it did was eat 403's.
Checking for PHP vulnerabilities.
627 successive requests over 35 minutes.
I've not seen anything this persistent in some while.
Choopa, LLC CHOOPA-NETBLK06 18.104.22.168 - 22.214.171.124
ReliableSite.Net LLC NET-209-222-3-168-29 126.96.36.199 - 188.8.131.52
first request (space inserted to break URL)
184.108.40.206 - - [31/Dec/2013:17:39:08 -0700] "GET /0_admin/modules/Wochenkarte/frontend/index.php?x_admindir=http://www. google.com/humans.txt? HTTP/1.0" 403 794 "-" "-"
That reminds me that the first time I saw a request for humans.txt, I thought the visitor was being humorous. I've since learned that "humans.txt" is a real thing. (That's an actual google page in there. Was it really part of the request, or did you change it for safety?)
:: wandering off to investigate because I can't imagine why I don't have that Choopa range flagged ::
Ah. Only visitor I've had from there in measurable time was something calling itself the Ahrefsbot-- whether truthfully or otherwise-- so it was locked out a priori and I never even saw it.
Edit: I found this list in another thread.
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
They must not be uniformly loathsome; some of those numbers I've never set eyes on.
|Was it really part of the request, or did you change it for safety? |
That exact trailing google URL was in each one of the 627 requests, and was immediately following the PHP request.
Freshly nabbed nicking without even a glimpse at robots we present;
eNET Inc. OH USA
188.8.131.52 - 184.108.40.206 220.127.116.11/19
207.182.143.nnn - - [01/Jan/2014] "GET /example.htm HTTP/1.1" 200 9869 "-" "niki-bot"
Don't feel bad KeyP:
We've had 5. blocked for years, jam-packed with nasties from Latvia and associated alcoholic regions.
|We've had 5. blocked for years |
ALL of 5? Do you deal in geographically constrained widgets?
RIPE ranges aren't regionally apportioned. You'll find legitimate academics from the UK side by side with Ukrainian robots.