Msg#: 4643761 posted 10:13 pm on Feb 9, 2014 (gmt 0)
Has anyone got the remotest idea who these people are?
IP: 38.99.82.abc They appear to own the whole /24, though all crawling to date is from the narrower .192/26 subsector.
UA: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) But see below.
Far as I can make out they belong to an outfit called Fieldtech. The one in Idaho, not to be confused with the (probably) several dozen other companies with the same name. They ask for and appear to obey robots.txt, and generally crawl at a leisurely pace. ("Appear to" = they've only gone two steps from the front page.) I've met them twice: once in the first half of January, and again a few days ago.
Mystifying quirk: Alongside their ordinary crawling, each visit has included a block of exactly 18 (eighteen) requests for the same interior page. For these they used a different UA, Java/1.6.0_33, which got them blocked. Eighteen times in rapid succession.
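Added example, not part of the original post: one way to surface the pattern described above (a burst of requests for one page, under one user agent, from anywhere inside a given range) from an access log. It assumes Apache/nginx Combined Log Format; the function names, thresholds and sample lines are constructed for illustration, and the addresses use documentation ranges rather than the poster's range.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def find_bursts(lines, network, min_repeat=10, window=timedelta(seconds=60)):
    """Return (path, user_agent, count) for each same-page burst from `network`."""
    net = ipaddress.ip_network(network)
    hits = defaultdict(list)  # (path, ua) -> request times, pooled over the range
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            if ipaddress.ip_address(m["ip"]) not in net:
                continue
        except ValueError:  # client field is a hostname, not an address
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[(m["path"], m["ua"])].append(ts)
    bursts = []
    for (path, ua), times in hits.items():
        times.sort()
        start = best = 0
        for end in range(len(times)):  # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_repeat:
            bursts.append((path, ua, best))
    return bursts

def sample_log():
    """Constructed log: a slow crawl, an 18-request burst, and unrelated traffic."""
    ie = "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
    fmt = '{} - - [09/Feb/2014:21:{:02d}:{:02d} +0000] "GET {} HTTP/1.1" {} 512 "-" "{}"'
    log = [fmt.format("192.0.2.200", 0, 10 * i, p, 200, ie)
           for i, p in enumerate(["/robots.txt", "/", "/about.html"])]
    log += [fmt.format("192.0.2.201", 5, s, "/interior/page.html", 403, "Java/1.6.0_33")
            for s in range(18)]
    log += [fmt.format("198.51.100.7", 6, s, "/", 200, ie) for s in range(18)]
    return log

if __name__ == "__main__":
    for burst in find_bursts(sample_log(), "192.0.2.192/26"):
        print(burst)
```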
Msg#: 4643761 posted 9:49 pm on Feb 12, 2014 (gmt 0)
I need the sub-ranges identified. The current identity (via ARIN) is useless. Small sub-ranges of /29 or /25 suggest businesses rather than individuals, and a lot of businesses either do not use our services or abuse them (cf. Comcast).
Also bear in mind that I am in the UK and get so many bad hits from the US that I'd really like to block the whole country; pity about my customers, who won't let me do that. :(
If anyone has a reasonable breakdown of the range I will consider opening up some of it, but the holes will need to be at least /20.
Msg#: 4643761 posted 3:52 pm on Feb 13, 2014 (gmt 0)
But so are several other providers. Most of them give breakdowns via DNS assignments. Cogent seem too lazy to do this - or they consider the whole /11 to be one big mish-mash of business/server/whatever, which drops them into a hack blacklist anyway.