Welcome to WebmasterWorld Guest from 54.205.20.160

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

Russian Business Network -Super-stealth bots with "success" homepages?

   
7:55 am on Nov 27, 2010 (gmt 0)

WebmasterWorld Senior Member jab_creations is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I've been going over my site's reject logs and I've noticed some really strange activity that very closely seems to mimic bots. There are some IP addresses which if you look up and visit have blank homepages that simply say, "success". In my Apache access logs they look exactly like legit browsers with a two exceptions only one of which I'll mention. The URL's they are requesting are in the typical order that bots would fetch (although from different IP addresses) so clearly it's some sort of scrapper though if it was truly a human using a browser would they have bookmarked the Brazilian Portuguese page and visit several weeks later and then with a different IP address which if you visit has the same blank "success" website that makes the same request to a different URL?

Upon further investigation apparently it's part of the "Russian Business Network". Does any one have a list of IP addresses that I can blacklist or suggestions on countering this scrapper? I've already begun manually blocking the IP addresses though I would like to take more preemptive action if possible.

- John
10:16 pm on Dec 3, 2010 (gmt 0)

5+ Year Member



I have no "list" but blocked a bot from IP 211.104.150.236 (Asia), and one from 77.88.29.247 (Netherlands?) ...I think they're up to no good.

My content (images/text snippets) is being used on BAD sites for BAD reasons. (And right next to my stuff are things from my up&up competitors who have clearly been targeted too.)

I'm now erring on the side of caution, and doing everything I can to stay alert.

Good luck!
--lindy
1:35 am on Dec 4, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The following are all closely connected:
# 2009-11-02 extended DROP rule to entire 95.168.160.0 netblock after more scrapes 
# 2009-09-23 added DROP rule to block internetserviceteam.com IP 95.168.178.87
# reason: high-speed scrape
# 2009-09-18 added DROP rule to block internetserviceteam.com IP 188.72.217.11
# reason: high-speed scrape
# 2009-03-20 extended DROP rule to entire 212.95.32.0 netblock after more scrapes
# 2009-02-26 added DROP rule to block internetserviceteam.com IP 212.95.54.179
# reason: continuous high-speed scrapes
# 2009-01-30 extended DROP rule to entire 78.159.96.0 netblock after more scrapes
# 2008-12-01 added DROP rule to block internetserviceteam.com IP 78.159.112.96:
# reason: continuous high-speed scrapes
# 2008-01-12 added DROP rule to block Netdirekt (internetserviceteam.com):
# reason: continuous attempted spam posts into Forums from their network
$IPT -A tcp_inbound -p TCP -s 78.159.96.0/19 -j DROP
$IPT -A tcp_inbound -p TCP -s 84.16.224.0/19 -j DROP
$IPT -A tcp_inbound -p TCP -s 89.149.192.0/18 -j DROP
$IPT -A tcp_inbound -p TCP -s 95.168.160.0/19 -j DROP
$IPT -A tcp_inbound -p TCP -s 188.72.217.11/32 -j DROP
$IPT -A tcp_inbound -p TCP -s 212.95.32.0/19 -j DROP

# 2007-10-25 added DROP rule to block Russian Business Network:
# reason: continuous attempted spam posts into Forums
$IPT -A tcp_inbound -p TCP -s 81.95.144.0/20 -j DROP
$IPT -A tcp_inbound -p TCP -s 81.95.156.0/22 -j DROP
4:42 am on Dec 4, 2010 (gmt 0)

5+ Year Member



The RBN is a large network that often uses "fast-flux" IP switching that changes IP addresses every few minutes. They can send malicious requests to your server from more IP addresses than you can possibly identify and ban.

If you can find common features of the malicious requests, you will be much better off banning by those characteristics in .htaccess than attempting to ban IP addresses.
11:48 am on Dec 7, 2010 (gmt 0)

10+ Year Member



what is the purpose of this network, why are the collecting info?
11:32 pm on Dec 7, 2010 (gmt 0)

5+ Year Member



Difficult to improve on this description:
[en.wikipedia.org...]
 

Featured Threads

Hot Threads This Week

Hot Threads This Month