Welcome to WebmasterWorld Guest from 54.166.87.123

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

checks.panopta.com User Agent

Another site monitor

   
8:20 pm on Feb 26, 2013 (gmt 0)



Hello all,

Caught this bot checking out my site:

5.63.145.nn - - [26/Feb/2013:03:08:22 -0500] "HEAD / HTTP/1.1" 301 - "-" "checks.panopta.com"

Didn't like what their site had to say (a competitor monitoring my site), so blocked it in htaccess. Didn't see anything about them in a search on webmasterworld, so thought I would just pass it along for your info. So far two IPs associated with this user agent:

5.63.145.nn
67.228.49.nnn

grandma
8:26 am on Feb 27, 2013 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month





IMO both should be blocked by range:

5.63.145.0/29 #Hosting Services, GB (5.63.145.0 - 5.63.145.7)

67.228.0.0/16 #Softlayer (67.228.0.0 - 67.228.255.255)



Also, 50.22.185.51 is registered to Panopta.com, which is:

50.22.0.0/15 #Softlayer (50.22.0.0 - 50.23.255.255)
9:30 am on Feb 27, 2013 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



FWIW, I've the entire Class A 5. denied.
10:42 am on Feb 27, 2013 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month





I remember, we had a discussion about it. There's huge ISPs in that A class, sonic.net & tarassul. Maybe not an asset to you, but maybe to others. Personally, I never know where traffic will start building from. 2 years ago I never got any natural human traffic from RU, now I get 3 digit daily. Sometimes they even buy stuff. China's the one I block with prejudice :)

[edited by: keyplyr at 10:48 am (utc) on Feb 27, 2013]

10:48 am on Feb 27, 2013 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



sonic.net


That's them modern day versions of drive-in restaurants were the car hops wear roller skates ;)
10:49 am on Feb 27, 2013 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Yeah, but they wear cute skirts :)
11:35 am on Feb 27, 2013 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



FWIW, I've the entire Class A 5. denied.

I wish I could merrily lock out entire continents :) I stop at countries-- and so far there's only one of those. (I would love to lock out Saudi Arabia too, but I never get any visitors from there anyway so it would be amazingly pointless.)
11:55 am on Feb 27, 2013 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I wish I could merrily lock out entire continents


lucy,
when I first started using htaccess (late-1999 or 2000) my primary goal was Korea and the UK.
Once I got into the ranges, it was genuinely easier (there was no GEO databases back then) to simply expand the countries, rather than separate the IP's for these two countries from the rest.

My widget content is what's makes designation of non-benefit more tangible.

My methods are certainly NOT an option for most webmasters.
11:58 am on Feb 27, 2013 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



FWIW, I've the entire Class A 5. denied.


I wish I could merrily lock out entire continents


You likely have the Class A's of 4 & 8 denied and their close to continents ;)
7:37 pm on Feb 27, 2013 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



5.63.145.0/29 should be 5.63.144.0/21
9:23 pm on Feb 27, 2013 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month




5.63.145.0/29 should be 5.63.144.0/21

ya, thanks
4:46 am on Feb 28, 2013 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



You likely have the Class A's of 4 & 8 denied

Sad to say there are WebmasterWorld members at both locations :( Well, definitely at 4. And there are unsuspecting humans using assorted AV programs at 8. That is, AV programs that load the page before the human does; I don't hesitate to block the ones that check after the fact. ("I'm afraid you don't understand, your Majesty. The taster has to take the first bite, no matter how luscious it looks.")
5:47 am on Feb 28, 2013 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month





You likely have the Class A's of 4 & 8 denied

Yes, at one time I did block:
4.0.0.0/8 #Level 3 (4.0.0.0 - 4.255.255.255)
8.0.0.0/8 #Level 3 (8.0.0.0 - 8.255.255.255)

But quickly discovered hundreds of daily humans never made it through.

I now no longer block 4 and only block a small part of 8:
8.28.16.0/23 #Level 3 (8.28.16.0 - 8.28.17.255)
8:39 am on Apr 16, 2013 (gmt 0)

5+ Year Member



Hi,
I found panopta.com in my weblogs recently, came across this thread, and added the following to .htaccess:

deny from 5.63.144.0/21
deny from 67.228.0.0/16
deny from 50.22.0.0/15


But yesterday I found a bunch of log entries like these:

ch15.lon.monitorengine.com - - [14/Apr/2013:00:43:20 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"
forever.alone.net - - [14/Apr/2013:00:43:20 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch06.slc.monitorengine.com - - [14/Apr/2013:00:43:21 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch15.lon.monitorengine.com - - [14/Apr/2013:00:58:20 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"
forever.alone.net - - [14/Apr/2013:00:58:21 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch01.slc.monitorengine.com - - [14/Apr/2013:00:58:34 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch15.lon.monitorengine.com - - [14/Apr/2013:01:13:21 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"
forever.alone.net - - [14/Apr/2013:01:13:21 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch05.slc.monitorengine.com - - [14/Apr/2013:01:13:22 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch15.lon.monitorengine.com - - [14/Apr/2013:01:28:22 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"


Any suggestions on what ranges I should block? Using `host ch05.slc.monitorengine.com` and `whois 198.105.219.56` gives a vague IP range. For now, I've added

deny from *.monitorengine.com
deny from forever.alone.net

to my .htaccess file.
8:58 am on Apr 16, 2013 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



198.105.219.56 belongs to...

Hosting Services, Utah
198.105.208.0 - 198.105.223.255
198.105.208.0/20



ch15.lon.monitorengine.com is 66.228.52.108, which belongs to...

Linode Virtual Cloud Servers
66.228.32.0 - 66.228.63.255
66.228.32.0/19



forever.alone.net is 63.251.38.176, which belongs to...

Internap.com Hosting & Datacenters, Georgia
63.251.0.0 - 63.251.255.255
63.251.0.0/16


BTW - Hosting Services, Linode and Internap all have other ranges. These have been listed here in WW forums and can be found using the Search.

And just a FYI, referrers can (and often are) easily be spoofed.
1:52 pm on Apr 16, 2013 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



FWIW, unless you've your own server and have your logs intentionally configured to display in this manner?

ch01.slc.monitorengine.com - - [14/Apr/2013:00:58:34 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"

Rather, if your on shared hosting, the reason the logs dispaly in this manner is because the deny from's are enclosed in a container.