AppEngine-Google Revisited

         

Pfui

11:50 pm on Jan 16, 2012 (gmt 0)

AppEngine-Google's spawned countless crap apps over the years. [google.com...]

Less than three weeks into this new year, here are three more, all new to my sites, all from bare (no rDNS) IPs. In no particular order:

209.85.224.82
209.85.224.84
AppEngine-Google; (+http://code.google.com/appengine; appid: getfavicon)
robots.txt? NO

74.125.112.80
AppEngine-Google; (+http://code.google.com/appengine; appid: s~getfavicon27)
robots.txt? NO

74.125.92.89
AppEngine-Google; (+http://code.google.com/appengine; appid: s~nyinayminproxy1)
robots.txt? NO

74.125.64.95
Python-urllib/2.5 AppEngine-Google; (+http://code.google.com/appengine; appid: s~hr-pulsesubscriber)
robots.txt? NO

Beats heck outta me what those do or for whom because they do nothing for me. Neither do these AppEngine UAs, courtesy of PHP [projecthoneypot.org...] for just the latter's IP:

74.125.64.95's User Agent Strings
AppEngine-Google; (+http://code.google.com/appengine; appid: ambeaujean)
AppEngine-Google; (+http://code.google.com/appengine; appid: captainfigolu)
AppEngine-Google; (+http://code.google.com/appengine; appid: proxygeekcoke)
AppEngine-Google; (+http://code.google.com/appengine; appid: s~kushgenius)
AppEngine-Google; (+http://code.google.com/appengine; appid: srcbackdoor)
AppEngine-Google; (+http://code.google.com/appengine; appid: svceweb)

Those UAs are in addition to the following, from the same IP:

Mozilla/5.0 (compatible; GoogleDocs; +http://docs.google.com)
Mozilla/5.0 (en-us) AppleWebKit/534.14 (KHTML, like Gecko; Google Wireless Transcoder) Chrome/9.0.597 Safari/534.14
Mozilla/5.0 (Linux; U; Android 2.3.4; generic) AppleWebKit/534.51 (KHTML, like Gecko; Google Web Preview) Version/4.0 Mobile Safari/534.51
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.51 (KHTML, like Gecko; Google Web Preview) Chrome/12.0.742 Safari/534.51

AppEngine. CrapEngine. More and more, G's IPs pump nothing but sewage.

keyplyr

7:13 am on Jan 17, 2012 (gmt 0)

I've banned them all by common UA attribute from the start, but allow the IP ranges.

lucy24

8:41 am on Jan 17, 2012 (gmt 0)

More faviconbots? What are they going to do with all those favicons-- form a union? Move to a tropical island and leave our sites with nothing but generic browser-globes? Timestamp tells me that my own favicon has been waiting patiently since August 2009 for me to get around to designing a proper one instead of just slapping on some colors to see if it works. Surprised it hasn't demanded a raise yet.

I thought the Wireless Transcoder did something legitimate. Forget what, but someone hereabouts explained it.

Wish I could make up my mind on Preview. Apart from the ongoing annoyance of having to tell it to keep the ### out of piwik, which it knows perfectly well has nothing to do with the appearance of the page, there's the dead certainty that it doesn't make people more likely to visit. Combined with the lively uncertainty about whether I'd be harming myself by blocking it altogether.

Oops. Different Forum.

There's a bing preview too. It hasn't deigned to visit me yet, but it cropped up recently in the art studio's logs next door. And just like g###s version it doesn't consider itself a robot and therefore doesn't have to look at no steenking robots.txt.

incrediBILL

8:45 am on Jan 17, 2012 (gmt 0)

"I've banned them all by common UA attribute from the start, but allow the IP ranges."


I do just the opposite for all SE IP ranges, block them all and whitelist only the stuff I want to let in.

They have all sorts of crap out there and it's just too crazy to attempt to track it the other way around.

Staffa

10:36 am on Jan 17, 2012 (gmt 0)

I have both IP ranges banned, nothing useful coming from there for me ;o)

keyplyr

9:52 pm on Jan 17, 2012 (gmt 0)

"I do just the opposite for all SE IP ranges, block them all and whitelist only the stuff I want to let in."

Well that's just it, I want these ranges open because they deliver other things I like, just don't want the app developers' weekly projects.

And I do whitelist and have been for years... if you were inferring I didn't :)

dstiles

10:40 pm on Jan 17, 2012 (gmt 0)

I have 74.125.64.80 - 74.125.64.95 specifically banned for bad hits but a few days ago I blocked everything on the 74.125/16 range (because of the mocality fraud report) apart from about a dozen short ranges which are supposed to deliver "good" google stuff (eg translators); however, these also have a fair percentage of self-imposed blocks against them. I'm very close to blocking that range in toto.

We've all said it before: if google wants to be taken seriously it MUST allocate ranges for its own tools (eg translators, feed-readers etc) and shove all its apps dross onto a known blockable range. At least we know we can block all of AWS!
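
As an added example (not part of the thread or any poster's configuration), the two approaches discussed above, banning on the shared AppEngine-Google UA token versus banning the 74.125.64.80 - 74.125.64.95 span, can be compared over log entries. The function names are hypothetical, and the sample (IP, UA) pairs are constructed from IPs and UAs quoted in the thread.

```python
import ipaddress
import re

# Token and appid as they appear in the UA strings quoted in the thread.
APPENGINE_RE = re.compile(r"AppEngine-Google;.*?appid:\s*([^)\s]+)\)")

# The span one poster bans outright: 74.125.64.80 - 74.125.64.95.
BANNED_NETS = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("74.125.64.80"),
    ipaddress.ip_address("74.125.64.95")))

def appengine_appid(user_agent):
    """Return the appid if the UA carries the AppEngine-Google token."""
    match = APPENGINE_RE.search(user_agent)
    return match.group(1) if match else None

def ua_policy(user_agent):
    """Ban on the common UA attribute, whatever the source IP."""
    return "block" if appengine_appid(user_agent) is not None else "allow"

def range_policy(ip):
    """Ban on source address only, whatever the UA claims."""
    addr = ipaddress.ip_address(ip)
    return "block" if any(addr in net for net in BANNED_NETS) else "allow"

def compare(entries):
    """Return (ip, appid, ua_verdict, range_verdict) per log entry."""
    return [(ip, appengine_appid(ua), ua_policy(ua), range_policy(ip))
            for ip, ua in entries]

# Constructed sample: (IP, UA) pairs assembled from values quoted in the thread.
SAMPLE = [
    ("209.85.224.82",
     "AppEngine-Google; (+http://code.google.com/appengine; appid: getfavicon)"),
    ("74.125.64.95",
     "Python-urllib/2.5 AppEngine-Google; "
     "(+http://code.google.com/appengine; appid: s~hr-pulsesubscriber)"),
    ("74.125.64.95",
     "Mozilla/5.0 (compatible; GoogleDocs; +http://docs.google.com)"),
    ("74.125.92.89",
     "AppEngine-Google; "
     "(+http://code.google.com/appengine; appid: s~nyinayminproxy1)"),
]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

The UA rule lets the GoogleDocs request from 74.125.64.95 through while the range rule blocks it, and the range rule misses the AppEngine hits from addresses outside the banned span.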

cyberdyne

6:38 pm on Feb 23, 2012 (gmt 0)

74.125.156.93
AppEngine-Google; (+http://code.google.com/appengine; appid: s~getfavicon27)
robots.txt? NO

lucy24

12:41 am on Feb 24, 2012 (gmt 0)

I met two of them in January when I was tracking everything. Alongside the one you met-- mine was at 74.125.64.86 in the same neighborhood-- there was also a plain

AppEngine-Google; (+http://code.google.com/appengine; appid: getfavicon)

It came in from 209.85.224.82 and apparently didn't know what it was doing, because it asked for

//.ico

like that.

dstiles

10:50 pm on Mar 19, 2012 (gmt 0)

Further to my mention of google translate above... From a security expert interviewed by threatpost:

"For example, they might embed the [command and control] within an application layer that is then vectored through a social media network or cloud service. Google Translate is the example I gave."