Welcome to WebmasterWorld Guest from 23.20.230.24

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

ChinaCache North America

     
1:32 am on Jul 13, 2012 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



NetRange: 69.28.48.0 - 69.28.63.255

Looking for any intel on this operation as I'm seeing quite a bit of roque stuff coming from ChinaCache.
1:46 am on Jul 13, 2012 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month




This is what I have for ChinaCache:

65.255.32.0 - 65.255.47.255
65.255.32.0/20

69.28.48.0 - 69.28.63.255
69.28.48.0/20

106.48.0.0 - 106.49.255.255
106.48.0.0/15

These ranges all earned their block through various bad behavior, however I cannot define exactly what the term ChinaCache means. Is it truly a caching service used by valid networks similar to AOL? Or is it an anything goes term more like YahooCache that gets sold to the highest bidder?
1:50 am on Jul 13, 2012 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Yeowch! I'd only got them down for 69.28.58. The whole 48/20 eh?

I have never had the slightest idea what ChinaCache does. (Does anyone?) I just ban 'em on principle.
2:12 am on Jul 13, 2012 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Here's another
CHINACACHE-2 (NET-209-177-80-0-1) 209.177.80.0 - 209.177.95.255

Believe they are just server farms.

The lower ip of keyplr's frst range is a sub-net to a North American based corp:
NeuSky Technologies Inc CNA-LA-NSK-001 (NET-65-255-32-0-2) 65.255.32.0 - 65.255.35.255

I had the three you folks agreed upon denid from an April 6th Nutch request [webmasterworld.com].

Getting ready to add in the 209.177...
7:28 pm on Jul 13, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



I posted a bit about them a couple of years ago.

They were (are?) the processors behind TalkTalk's so-called anti-virus tool that comes calling on web sites AFTER the poor sap has downloaded (and presumably been trojanned by) a web page.

I have 69.28.48.0 - 69.28.63.255 blocked in the server's firewall for excessive activity.

The 106/8 range has only recently been allocated (Jan 2011) and I didn't see 106.48.0.0/15 until April this year.

Refs (at least these) (I searched on ixquick for webmasterworld talktalk):

[webmasterworld.com...]

[webmasterworld.com...]
8:50 pm on Jul 13, 2012 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Thanks guys.

I actually had two IP ranges for them, didn't know about the others.

Off to install the Great Firewall of ChinaCache
10:04 pm on Jul 14, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Not sure how true this is - there is some indication it may be a panic attack. From memory and checking back on earlier threads hereabouts (see above) I think Huawei is involved with chinacache - they were certainly involved with talktalk.

"...former Pentagon analyst F. Michael Maloof claims that two mainland Chinese companies: Huawei and ZTE Technologies are providing the Chinese government with the ability to access deployed equipment and services, which are used by 45 of the top 50 telecommunications centers in the world. This, Maloof argues, gives the Chinese government and People’s Liberation Army unbridled, backdoor access into data and proprietary information belonging to some 140 nations."

[threatpost.com...]

IF it is true then we're doomed. Not that the internet isn't a total mess anyway, with almost every phone, web browser, web tool and general computer software full of compromises and loopholes and its very protocol complete exploitable rubbish. Reports that USA-overflying drones will soon be seen and have major exploit holes; even our (UK) electricity meters will soon be internetted and then we're really stuffed. :(
12:26 am on Jul 15, 2012 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



If you really want to be paranoid, think only of what proportion of your home electronics was made in China ;)

Or look for something that was not made in China. That's faster.
7:45 pm on Jul 15, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



But most of my home electronics was a) built before China became a source for such things and b) only the computers (currently) connect to the internet. :)
3:32 pm on Aug 26, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Further to Chinacache:

I noticed a bad hit today on an IP range new to me...

223.202.0.0/15

This resolved to ChinaCache in China, declared in DNS in short sub-ranges. It may not be an offensive botrunner, although the actual hit had a bad UA and hit half a dozen times in the past 6 weeks, but I've tagged the full range as "servers" through nostalgia. :)

IP: 223.202.8.nn
UA: Mozilla/4.76 [en] (Windows NT 5.0; U)
(Netscape on Windows 2000?)

DNS gives:
Beijing Blue I.T Technologies Co.,Ltd.
Galaxy Building,No.10 jiuxianqiao ,chaoyang
District,beijing
Please contact (name)@chinacache dot com if you have any Questions regarding this object.
9:15 pm on Aug 26, 2012 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



:: detour to htaccess ::

Ouch! Thanks for that. I thought I'd blocked everything from China sized /16 on up but somehow missed most of 223.

:: further shuffling of papers ::

If I've got them labeled right, that's

223.0.0.0/12
223.20.0.0/15
223.64.0.0/11
223.96.0.0/12
223.112.0.0/14
223.116.0.0/15
223.120.0.0/13
223.128.0.0/15
223.144.0.0/12
223.160.0.0/14
223.166.0.0/15
223.192.0.0/15
223.198.0.0/15
223.201
223.202.0.0/15
223.208.0.0/13
223.220.0.0/15
223.240.0.0/13
223.248.0.0/14

Pity about those blasted Australians, or English-language sites could just block APNIC in merry /8 slabs ;)
8:57 pm on Aug 27, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



I find there are good and bad chinese ranges. Some give me no trouble, other ranges are continually having IPs blocked.

Best I can come up with at present is by district. Some chinese districts seem - not lawless, perhaps, but at least careless at getting infected.

My response is to block all (known) chinese ranges on some sites but let other sites fend for themselves (obviously depending on various other traps set). If a range gets a high blocked-IP count the /16 or whatever is banned completely.

I do try to be fair. :)

Re: /8 blocking - I think IANA have a lot to answer for. Along with most internet practices and protocols, it's not very clever. Somewhere around the mid-1990s it should all have been scrapped and proper mechanisms, ranges, protocols etc put in place. Bit late, now, although ipv6 may answer a few minor criticisms. Plus ALL DNS registrations should be forced to declare purpose (DLS, server etc) and NO IP range should be registered using hotmail/gmail/yahoo/etc addresses (unless, obviously, the range belongs to those companies). And ALL companies should be compelled to declare their mail server IPs so I can whitelist the darn things. Etc. :(
7:10 pm on Aug 28, 2012 (gmt 0)

5+ Year Member



Hello from a blasted Australian. :)

Until the late 1990s we had AUNIC with its own delegated super slice of 203 (203.0.0.0 - 203.63.255.255 IIRC), so detecting an Aussie was reasonably easy. There were still a few webmasters that thought blocking 203.0.0.0/8 was the easy answer to getting rid of Chinese IPs, though.

Things are nowhere near as simple these days now that APNIC allocates IPs for members located throughout the entire Asia Pacific region, so blocking Chinese or other unwanted asian IPs needs to be done on a per allocation basis.

FWIW I've been having lots of problems with scrapers from Chinese IPs that present a 'zh' (Chinese) browser language. I set up my auto-blacklist code (which looks for fingerprints such as loads with blank referers, cookies disabled, or a changing user-agent each fetch) to have a much lower threshold in this case.
7:37 pm on Aug 28, 2012 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Hello from a blasted Australian.


rowan,
The task is much simpler if you just bunch the Aussies and Kiwis into the same group, despite their indifference's ;)

In 2002 the major Class A's were (14|144|20[23]|21[01]|61), (with specific sub-classes) which has changed considerably in a decade.
These days the numbers are all over the place.
7:33 pm on Dec 1, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



New ChinaCache range today:

199.190.44.0 - 199.190.47.255
ChinaCache North America, Inc
8:45 pm on Dec 1, 2012 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Per Wiki:
ChinaCache is a content delivery, streaming media, cloud computing service provider in China.

BLEH
8:57 pm on Dec 1, 2012 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



199.190.44.0 US Los Angeles, California, United States9001534.0396, -118.2661

ChinaCache North America Kunlun Games
 

Featured Threads

Hot Threads This Week

Hot Threads This Month