Forum Moderators: open
Gets robots.txt and then a few other files.
Always reports itself as:
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7"
Have seen it on:
208.17.184.44
208.17.184.53
208.17.184.57
I blocked it initially on 208.17.184.57, then it came on 208.17.184.44, which I then blocked, and today it came on 208.17.184.53. It's very persistent.
IPWHOIS reports:
VeriSign Infrastructure & Operations SPRINTLINK (NET-208-17-184-0-1) 208.17.184.0 - 208.17.184.255
Traceroutes go into a black hole, with no reverse DNS.
Any clues?
I am loath to block the whole 208.17.184.0/24, but will if I see it turning up on more addresses, and can't identify it.
208.17.184.40
208.17.184.42
208.17.184.43
208.17.184.44
208.17.184.45
208.17.184.47
208.17.184.48
208.17.184.49
208.17.184.51
208.17.184.52
208.17.184.53
208.17.184.55
208.17.184.56
208.17.184.57
208.17.184.58
208.17.184.62
208.17.184.63
208.17.184.65
208.17.184.66
208.17.184.67
208.17.184.68
208.17.184.69
208.17.184.71
65.201.175.62
I have also seen the same user agent from several other places including Sprint, UUNet, RoadRunner, SBC and others.
In googling that 208.17.184.* IP range, it is all over the web in peoples logs, and has been for a while.
So either it is an established search engine operating on an IP address range no one has noticed before, or it is a sneaky operation like Cyveillance or similar.
It seems to be well behaved as a bot, as you say, but it would be nice if it came clean about what it was, instead of pretending to be Firefox, and hiding behind no reverse DNS.
It makes me very suspicious... especially coming out of Verisign's infrastructure.
So I think it is going to get a big BLOCK from me against all my sites.
http ://www.verisign.com/managed-security-services/index.html
So, when a client tries to visit a website this user agent checks it out first to be sure it's safe?
</dumb_mode off>
