Level 3 redux

         

Pfui

2:51 am on Aug 1, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Someone at Level 3's been bot-running a bit recently. They're hitting a closed site and only asking for robots.txt. But 6 times from 4 IPs in 2 days using 1 not-okay UA? Go 'way.

BARE IPS:

8.18.46.199
8.18.46.200
8.18.46.202
8.18.46.203

UA: Java/1.6.0_24

On larger sites I block Level 3 from the get-go via ^8. But I'm curious about this wiggler... Anyone know who/what is behind those IPs?

dstiles

9:36 pm on Aug 1, 2011 (gmt 0)




DNS says Conoco Petroleum. Never seen anything obviously bad from there before. Could be hacked?

Is there any legitimate (non-server) activity on Level-3? Surely there must be on such a vast number of IPs.

wilderness

9:50 pm on Aug 1, 2011 (gmt 0)




"Surely there must be on such a vast number of IPs."

dstiles,
Historically, and when the "old ARIN" was running on all cylinders, I used to query and archive "sub-net" searches.
Frequently the results would run past the 255 line limit and cut your query off at that point. Other times a query would list pages and pages.

I could never get nothing on the 8.0 Level3, although I've some saved on 4.0 Level3's.

For the longest while, I had every Level3 range I could locate denied.

Recently and as the result of an SMF, I've seen some odd requests by a Level3 8.0 range and even recall the redux, however I failed to make notations because the requests were single requests and not annoying enough.

Don

dstiles

9:37 pm on Aug 2, 2011 (gmt 0)




Hmm. Thanks for the info.

At least one of my customers gets a lot of paying traffic from USA, hence my reluctance to block the whole 4/8 and 8/8 ranges. For example, if there is a business broadband range in there, static or otherwise, I need to allow it, at least in general terms. I block sub-ranges if I find they are (more or less) servers but it seems 4/8 and 8/8 could power an awful lot of servers. :(

I currently have about 40 small-ish level-3 sub-ranges blocked, only half a dozen of which are in the 4/8 and 8/8 bands, but I've seen a lot of "bad press" hereabouts for level-3. Hence my query as to whether or not they could be safely blocked en masse.

Pfui

8:49 pm on Aug 21, 2011 (gmt 0)




8.18.46. bot-runner now hitting another site. Asked for robots.txt -- and promptly ignored it.

8.18.46.201
Apache-HttpClient/4.1.1 (java 1.5)

08/2n 13:19:00 /robots.txt
08/2n 13:19:01 /dir/filename.html

Speaking of Level 3, see also "Level3 and more" [webmasterworld.com...]

Pfui

3:25 pm on Sep 19, 2011 (gmt 0)




Still at it on more than one site, still asks for robots.txt, still gets and then ignores it:

09/12
8.18.46.200
Apache-HttpClient/4.1.1 (java 1.5)

09/19
8.18.46.202
Apache-HttpClient/4.1.1 (java 1.5)
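
The pattern reported in this thread (a client fetches robots.txt, then requests a page anyway, from several addresses in one /24) can be checked for in an access log. The following is an added example, not code from any poster: the function name `robots_ignorers`, the Apache combined log format, the all-disallowed robots.txt and the sample lines (documentation IP ranges) are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a closed site (assumption: everything disallowed).
ROBOTS_TXT = "User-agent: *\nDisallow: /\n"

# Constructed Apache combined-format lines; 192.0.2.0/24 and 198.51.100.0/24
# are documentation ranges, not the addresses reported in the thread.
SAMPLE_LOG = """\
192.0.2.201 - - [21/Aug/2011:13:19:00 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "Apache-HttpClient/4.1.1 (java 1.5)"
192.0.2.202 - - [21/Aug/2011:13:19:01 +0000] "GET /dir/filename.html HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.1.1 (java 1.5)"
198.51.100.7 - - [21/Aug/2011:13:20:00 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "Java/1.6.0_24"
198.51.100.9 - - [21/Aug/2011:13:21:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Captures: client IP, timestamp, request path, user-agent.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$'
)

def robots_ignorers(log_text, robots_txt, prefix=24):
    """Return requests for disallowed paths made after the same user-agent,
    from the same /prefix network, had already fetched robots.txt."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    fetched_robots = set()   # (network, user-agent) pairs that read robots.txt
    hits = []
    for line in log_text.splitlines():   # assumes chronological order
        m = LINE_RE.match(line)
        if not m:
            continue                     # skip lines in another format
        ip, when, path, ua = m.groups()
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        key = (net, ua)
        if path == "/robots.txt":
            fetched_robots.add(key)
        elif key in fetched_robots and not rules.can_fetch(ua, path):
            hits.append((str(net), ip, when, path, ua))
    return hits

if __name__ == "__main__":
    for hit in robots_ignorers(SAMPLE_LOG, ROBOTS_TXT):
        print(hit)
```

Grouping by /24 rather than by single address is what catches a crawler that reads robots.txt from one IP and fetches pages from a neighbouring one; with `prefix=32` the sample produces no hits.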