Ezooms the New DotBot? - Crawler, Spider, and User Agent ID forum at WebmasterWorld - WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

Ezooms the New DotBot?

née DotBot?

Pfui

7:00 pm on Dec 19, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

The "Ezooms" bot comes along a LOT -- 200 times this month to date -- but it's always behaved so I rarely think to mention it here, even though I have no idea what it's doing, nor for whom.

Today it caught my eye because it's unusually active. Note that it simultaneously hails from wowrack.com IPs and Host names and does so routinely:

208-115-111-68-reverse.wowrack.com [projecthoneypot.org...]
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)
04:47:48 /robots.txt
06:50:08 /robots.txt

208.115.113.84 [projecthoneypot.org...]
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)
03:51:19 /robots.txt
06:51:44 /robots.txt
06:51:44 /robots.txt

(Aside: I block wowrack.com by name and 208.115.111.0/24 because it's a server farm. My notes show 216.176.176.0/20 was problematic in the past as well.)

Comments show Ezoom's not always well-behaved elsewhere: [projecthoneypot.org...]

What's the 4-1-1 on this critter anyway? Interestingly, robtex shows the IP, above, to be --

crawl3.dotnetdotcom.org [robtex.com...]

-- and with a not-so-hot DotBot history. [spambotsecurity.com...]

2010: "dotnetdotcom or DotBot" [webmasterworld.com...]
2008: "DotBot" [webmasterworld.com...]

Same, same, just with a new name?

Staffa

9:04 pm on Dec 19, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I see them come by several times a day as well and always with the same two IP numbers you mention

I have WowR also blocked and drawn up the bridge for DnDc org

NetRange: 208.115.113.80 - 208.115.113.95
CIDR: 208.115.113.80/28
NetName: 208-115-113-80-28-DOTNETDOTCOMDOTORG

NetRange: 208.115.111.64 - 208.115.111.79
CIDR: 208.115.111.64/28
NetName: 208-115-111-64-28-DOTNETDOTCOMDOTORG

keyplyr

9:31 pm on Dec 19, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

I see ezooms hit a lot. Yesterday it requested robots.txt 17 times; never went any further. If it had, it would be blocked because I block:

Wowrack
208.115.96.0 - 208.115.127.255
208.115.96.0/19

It is not mentioned in robots.txt, so why it hit 17 times is very odd.

Pfui

10:13 pm on Dec 19, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

More hits since OP. I'm tempted to 403 its access to robots.txt to see what it's after (if anything).

lucy24

12:23 am on Dec 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Huh. This must be the first time I've blocked someone before you did ;) Well, I blocked DotBot by IP, so ezooms kinda came along for the ride. Besides, what kind of robot gives no information except a gmail address?

Pfui

1:29 am on Dec 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Oh, it's been blocked from the get-go, for, among other things, that bright, shining @ in the UA:)

But many times when you block access to robots.txt as well, bots basically spill their URI guts -- all requests for which are still 403'd. Makes for interesting reading.

keyplyr

1:45 am on Dec 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

My policy has always been that *all* bots have access to robots.txt, whether they're trouble makers or not. That's what the file is for - them, all of them.

I do block total access to many UAs that are irrelevant to robots.txt such as downloading tools, browser extensions/plug-ins, reformatting agents, etc.

Pfui

2:20 am on Dec 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

My policy has always been that *all* bots have access to robots.txt, whether they're trouble makers or not.

Ditto, of course.

All I'm saying is that one of these days, merely as an exercise, some of you might find denying access interesting, that's all. (For example, I was surprised to find out how many AmazonAWS Twitter swarmers subsequently went for pages other than tweeted URLs.)

Okay. Getting back to Ezooms. Which does read/heed robots.txt (where it's fully Disallowed) on my sites, but visits way, waaay too often. Whoever they are, they must have money/bandwidth/storage to burn.

Staffa

3:32 am on Dec 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I am not so lenient as to all bots = robots.txt, I have no intention of filling up this file with countless bots who a) may not read it, b) not heed it and c) from whom I don't want a visit any way. They all get wacked at the door.

Ezooms, for instance, first came countless times fetching robots.txt file but no other files though it would not have found a disallowed for itself since at that time it did not carry an identifiable bot name. Then I found out who was behind it (.net.com.org, who had been blocked in their crawling days since they have nothing to offer) and down the chute went Ezooms as far as I'm concerned.

There's just too much rot crawling the internet to waste too much time sifting through it all.

Pfui

2:34 am on Dec 24, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

This is getting silly:

208.115.113.84
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)

15:05:36 /robots.txt
17:19:12 /robots.txt
17:19:12 /robots.txt
17:47:01 /robots.txt
17:47:01 /robots.txt
18:14:33 /robots.txt
18:14:33 /robots.txt

That's just this afternoon, now totalling 267 hits this month. The twits.

jazzybee

12:03 am on Feb 20, 2012 (gmt 0)

10+ Year Member

I have a strong suspicion that this bot is from SEO Moz. Think about it. They are anagrams. SEOmoz ==> Ezooms. And SEO Moz uses Wowrack too, just like Ezooms. Both are based in Seattle.

It's all circumstantial evidence but too strong of a coincidence here.

g1smd

5:43 pm on Feb 23, 2012 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Dotbot is probably tied up with Moz in some way, so your assumptions might turn out right.

lucy24

12:18 am on Feb 24, 2012 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Is dotbot still doing its stuff? Quick look at raw logs says it hasn't been around since August. Even for a site as small as mine, that's a long gap.

I thought maybe I'd got complementary distribution-- one handing off to the other-- but up through July they were both coming around regularly.

g1smd

5:31 pm on May 27, 2012 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

DotBot seems to have vanished, but Ezooms is virulent.

frontpage

5:08 pm on Jun 1, 2012 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Here is my Mod Security 2.xx rule for Ezooms. Serves a forbidden server response.

SecRule HTTP_User-Agent "Ezooms" "deny,log,status:403"

dogweather

9:21 pm on Jul 4, 2012 (gmt 0)

10+ Year Member

I blocked the address block at the firewall. Once I see a misbehaved bot from an IP range, I decide that nothing good can come from that address space:

ufw insert 1 deny from 208.115.113.0/24