Nice coincidence. I just banned them from my office site 5 minutes ago. Earlier this afternoon, they requested the robots.txt file and then followed up with another 265 requests in just under 6 minutes, including a number of requests for material explicitly identified as out of bounds by the robots.txt file.

Doing a whois on the IP in question (61.78.61.162) traces back to:

IP Address  : 61.78.59.0-61.78.63.255 
Network Name : KORNET-IDC-JUNGANG-KTIDC 
Connect ISP Name : KORNET 
Connect Date : 20011106 
Registration Date : 20011108 
[ Organization Information ] 
Orgnization ID : ORG203787 
Org Name  : CENTRAL DATA COMMUNICATION OFFICE  
State  : SEOUL 
Address  : 128-9 YEUNKEONDONG JONGROKU 
Zip Code  : 110-460 
[ Admin Contact Information] 
Name  : GilSoon Park 
Org Name  : KOREA TELECOM 
State  : SEOUL 
Address  : 128-9 Youngundong Chongroku 
Zip Code  : 110-460 
Phone  : +82-2-747-9213 
Fax  : +82-2-766-5901 
E-Mail  : gspark@kornet.net 
[ Technical Contact Information ] 
Name  : Won Kang 
Org Name  : KOREA TELECOM 
State  : SEOUL 
Address  : 128-9 Youngundong Chongroku 
Zip Code  : 110-460 
Phone  : +82-2-747-9213 
Fax  : +82-2-766-5901 
E-Mail  : ip@ns.kornet.net 

218.145.25.108 - - [25/Jul/2003:06:23:36 +0200] "GET /x.htm HTTP/1.0" 200 1538 www.jc-r.net "-" "minibot(NaverRobot)/1.0" "-"

about 1000 requests, sucked down my entire site... this is Korea Telecom too. Ban it!

Why are they crawling?

Is it a Spammer or a SE?

I think KORNET is an isp which is owned by KOREA TELECOM, same as BT in the UK owning BTopenworld

I banned them yesterday for taking over 950 pages

I think KORNET is an isp which is owned by KOREA TELECOM, same as BT in the UK owning BTopenworld

I banned them yesterday for taking over 950 pages

has anyone the entire KORNET IP ranges here? preferred already translated to RewriteCond?

from APNIC:

168.126.0.0 - 168.126.255.255
211.216.0.0 - 211.231.255.255
218.144.0.0 - 218.159.255.255
221.144.0.0 - 221.168.255.255
220.72.0.0 - 220.95.255.255
220.116.0.0 - 220.127.255.255
61.72.0.0 - 61.85.255.255

Method A:
168.126.0.0 - 168.126.255.255
RewriteCond %{REMOTE_ADDR} ^168\.126\. [OR]

211.216.0.0 - 211.231.255.255
RewriteCond %{REMOTE_ADDR} ^211\.2(1[6-9]¦2[0-9]¦3[01])\. [OR]

218.144.0.0 - 218.159.255.255
RewriteCond %{REMOTE_ADDR} ^218\.1(4[0-9]¦5[0-9])\. [OR]

221.144.0.0 - 221.168.255.255
RewriteCond %{REMOTE_ADDR} ^221\.1(4[0-9]¦5[0-9]¦6[0-8])\. [OR]

220.72.0.0 - 220.95.255.255
RewriteCond %{REMOTE_ADDR} ^220\.(7[2-9]¦8[0-9]¦9[0-5])\. [OR]

220.116.0.0 - 220.127.255.255
RewriteCond %{REMOTE_ADDR} ^220\.1(1[6-9]¦2[0-7])\. [OR]

61.72.0.0 - 61.85.255.255
RewriteCond %{REMOTE_ADDR} ^61\.(7[2-9]¦8[0-5])\. [OR]

Method B:
SetEnvIf User-Agent ^dloader keep_out
SetEnvIf User-Agent ^Naver keep_out
SetEnvIf User-Agent ^mini keep_out

Method C ( for the extremists:
deny from 168.126.
deny from 218.
deny from 221.
deny from 220.
deny from 61.

Well I don't know what this means, but i just checked my logs today it looks like it may be related to google - or it's claiming to be:

218.145.25.47 - - [28/Jul/2003:23:54:39 -0400] "GET /robots.txt HTTP/1.0" 404 204 "-" "GoogleBot"
218.145.25.47 - - [28/Jul/2003:23:54:40 -0400] "GET / HTTP/1.0" 200 216 "-" "dloader(NaverRobot)/1.5"
218.145.25.47 - - [28/Jul/2003:23:54:40 -0400] "GET /index.html HTTP/1.0" 200 11538 "-" "dloader(NaverRobot)/1.5"
218.145.25.47 - - [28/Jul/2003:23:54:41 -0400] "GET /images/l1a.jpg HTTP/1.0" 200 9880 "-" "Mozilla/3.01 (compatible;)"
218.145.25.47 - - [28/Jul/2003:23:54:41 -0400] "GET /images/l2a.gif HTTP/1.0" 200 9458 "-" "Mozilla/3.01 (compatible;)"

See how it has the same IP address? Think Naver is spoofing itself as google? or Google is using naver?
Anyhow, it went ahead and did a fresh crawl on the 1st level of my site. I don't know if this is a coincidence, but I also re-submitted my url to google earlier today (about 6-7 hours before the spider arrived).

-s

Think Naver is spoofing itself as google?

218.145.25.16 - - [28/Jul/2003:20:25:03 -0700] "GET /robots.txt HTTP/1.0" 403 - "-" "GoogleBot"
218.145.25.16 - - [28/Jul/2003:20:25:03 -0700] "GET / HTTP/1.0" 403 - "-" "dloader(NaverRobot)/1.5"
61.78.61.244 - - [28/Jul/2003:20:25:05 -0700] "GET /other/myotherpage.htm HTTP/1.0" 403 - "-" "dloader(NaverRobot)/1.5"

Google has NO association with this piece of junk or the junkee users.

BTW there are a few others who pose as google as well.
Jim contributed a solution a while back.

New one from KORNET:

218.39.19.7 - - [30/Jul/2003:05:09:30 +0200] "GET [b]/robotsxx.txt[/b] HTTP/1.0" 403 398 -.net "-" "PlantyNet_WebRobot_V1.9 dhkang@plantynet.com" "-"
218.39.19.7 - - [30/Jul/2003:05:09:31 +0200] "GET / HTTP/1.0" 403 398 -.net "-" "PlantyNet_WebRobot_V1.9 dhkang@plantynet.com" "-"

Anyone here who wants to write to this address? For me KORNET remains blocked.

Anyone here who wants to write to this address? For me KORNET remains blocked.

As "Mighty Mean Marie" might say? ;)
I have the entire 218. denied!

Hi all,

after I blocked this Korean thing yesterday I found the following in my logs today:

218.145.25.79 - - [11/Aug/2003:06:06:52 +0200] "GET /robots.txt HTTP/1.0" 200 4140 "-" "GoogleBot"
218.145.25.79 - - [11/Aug/2003:06:06:53 +0200] "GET / HTTP/1.0" 403 896 "-" "dloader(NaverRobot)/1.5"

and then:

61.78.61.244 - - [11/Aug/2003:06:06:53 +0200] "GET /directory/page.htm HTTP/1.0" 403 896 "-" "dloader(NaverRobot)/1.5"

Lucky, it's been blocked via UA AND IP and I think it wasn't such a bad idea .. thanks wilderness! ;)

<edited>
I haven't banned this nor the fake Gbot yet, as they have not violated my own "robots.txt" yet (it is a very liberal one).

Here's their homepage it was an easy find: [naver.com...]

/claus

claus, all i can say is that they in fact violated the (valid) robots.txt on many of my pages. Even if they wouldn't have done so, faking the UA to Googlebot is reason enough for me to give them a 403. ;)

allthough the naver.com site looks nice and is very informative. :)