Forum Moderators: open
Only requested one file. It received a 403 as I have that EI CIDR blocked.
[edited by: volatilegx at 2:18 pm (utc) on Aug. 4, 2006]
[edit reason]
[1][edit reason] obscured IP address [/edit] [/edit][/1]
The IP you referenced is for ev1servers.net, if you have reverse DNS enabled at the Apache level you can just whack anything that says it's ev1servers.net and avoid zapping Everyones Internet net access customers.
Unless someone knows something about ev1servers.net that I don't know, it's probably safe to block this entire range:
66.98.128.0 - 66.98.255.255
Definitely servers:
Jayde - 66.98.160.93 "Jayde Crawler. [jayde.com"...]
The proxy DIT - 66.98.206.97 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1), DynaWeb [dit-inc.us...]
Entire blocks of IPs crawling as numbers, "0" "1" or blanks "",
or 66.98.176.80 libwww-perl/5.805
It's a bad neightborhood, what more can I say :)
if you have reverse DNS enabled at the Apache level you can just whack anything that says it's xyz.net
Don't trust on the reverse PTR names. They can be set to anything, and many providers of dedicated servers let their customers do.
While there is a recommendantion that a reverse PTR record 'should' forward resolve, there are no formal rules and no enforcement on this.
Yes, most of these reverse names are mostly correct, but some are sometimes not, especially in the shady area of automatic bots doing dubious things -- from scraping to exploiting and attacking weak servers.
Although my webservers log the reverse DNS names, too, this is mainly for entertainment purposes, and all analyses or decisions are done on IP address level only.
Kind regards,
R.
