Welcome to WebmasterWorld Guest from 23.20.110.176

Forum Moderators: Ocean10000 & incrediBILL & keyplyr

Message Too Old, No Replies

checks.panopta.com User Agent

Another site monitor

     
8:20 pm on Feb 26, 2013 (gmt 0)

Preferred Member

5+ Year Member

joined:July 22, 2010
posts: 369
votes: 0


Hello all,

Caught this bot checking out my site:

5.63.145.nn - - [26/Feb/2013:03:08:22 -0500] "HEAD / HTTP/1.1" 301 - "-" "checks.panopta.com"

Didn't like what their site had to say (a competitor monitoring my site), so blocked it in htaccess. Didn't see anything about them in a search on webmasterworld, so thought I would just pass it along for your info. So far two IPs associated with this user agent:

5.63.145.nn
67.228.49.nnn

grandma
8:26 am on Feb 27, 2013 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6536
votes: 114




IMO both should be blocked by range:

5.63.145.0/29 #Hosting Services, GB (5.63.145.0 - 5.63.145.7)

67.228.0.0/16 #Softlayer (67.228.0.0 - 67.228.255.255)



Also, 50.22.185.51 is registered to Panopta.com, which is:

50.22.0.0/15 #Softlayer (50.22.0.0 - 50.23.255.255)
9:30 am on Feb 27, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


FWIW, I've the entire Class A 5. denied.
10:42 am on Feb 27, 2013 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6536
votes: 114




I remember, we had a discussion about it. There's huge ISPs in that A class, sonic.net & tarassul. Maybe not an asset to you, but maybe to others. Personally, I never know where traffic will start building from. 2 years ago I never got any natural human traffic from RU, now I get 3 digit daily. Sometimes they even buy stuff. China's the one I block with prejudice :)

[edited by: keyplyr at 10:48 am (utc) on Feb 27, 2013]

10:48 am on Feb 27, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


sonic.net


That's them modern day versions of drive-in restaurants were the car hops wear roller skates ;)
10:49 am on Feb 27, 2013 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6536
votes: 114


Yeah, but they wear cute skirts :)
11:35 am on Feb 27, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13210
votes: 347


FWIW, I've the entire Class A 5. denied.

I wish I could merrily lock out entire continents :) I stop at countries-- and so far there's only one of those. (I would love to lock out Saudi Arabia too, but I never get any visitors from there anyway so it would be amazingly pointless.)
11:55 am on Feb 27, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


I wish I could merrily lock out entire continents


lucy,
when I first started using htaccess (late-1999 or 2000) my primary goal was Korea and the UK.
Once I got into the ranges, it was genuinely easier (there was no GEO databases back then) to simply expand the countries, rather than separate the IP's for these two countries from the rest.

My widget content is what's makes designation of non-benefit more tangible.

My methods are certainly NOT an option for most webmasters.
11:58 am on Feb 27, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


FWIW, I've the entire Class A 5. denied.


I wish I could merrily lock out entire continents


You likely have the Class A's of 4 & 8 denied and their close to continents ;)
7:37 pm on Feb 27, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3121
votes: 3


5.63.145.0/29 should be 5.63.144.0/21
9:23 pm on Feb 27, 2013 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6536
votes: 114



5.63.145.0/29 should be 5.63.144.0/21

ya, thanks
4:46 am on Feb 28, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13210
votes: 347


You likely have the Class A's of 4 & 8 denied

Sad to say there are WebmasterWorld members at both locations :( Well, definitely at 4. And there are unsuspecting humans using assorted AV programs at 8. That is, AV programs that load the page before the human does; I don't hesitate to block the ones that check after the fact. ("I'm afraid you don't understand, your Majesty. The taster has to take the first bite, no matter how luscious it looks.")
5:47 am on Feb 28, 2013 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6536
votes: 114




You likely have the Class A's of 4 & 8 denied

Yes, at one time I did block:
4.0.0.0/8 #Level 3 (4.0.0.0 - 4.255.255.255)
8.0.0.0/8 #Level 3 (8.0.0.0 - 8.255.255.255)

But quickly discovered hundreds of daily humans never made it through.

I now no longer block 4 and only block a small part of 8:
8.28.16.0/23 #Level 3 (8.28.16.0 - 8.28.17.255)
8:39 am on Apr 16, 2013 (gmt 0)

New User

5+ Year Member

joined:Jan 5, 2009
posts: 3
votes: 0


Hi,
I found panopta.com in my weblogs recently, came across this thread, and added the following to .htaccess:

deny from 5.63.144.0/21
deny from 67.228.0.0/16
deny from 50.22.0.0/15


But yesterday I found a bunch of log entries like these:

ch15.lon.monitorengine.com - - [14/Apr/2013:00:43:20 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"
forever.alone.net - - [14/Apr/2013:00:43:20 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch06.slc.monitorengine.com - - [14/Apr/2013:00:43:21 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch15.lon.monitorengine.com - - [14/Apr/2013:00:58:20 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"
forever.alone.net - - [14/Apr/2013:00:58:21 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch01.slc.monitorengine.com - - [14/Apr/2013:00:58:34 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch15.lon.monitorengine.com - - [14/Apr/2013:01:13:21 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"
forever.alone.net - - [14/Apr/2013:01:13:21 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch05.slc.monitorengine.com - - [14/Apr/2013:01:13:22 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"
ch15.lon.monitorengine.com - - [14/Apr/2013:01:28:22 +0100] "HEAD / HTTP/1.1" 403 - "-" "checks.panopta.com"


Any suggestions on what ranges I should block? Using `host ch05.slc.monitorengine.com` and `whois 198.105.219.56` gives a vague IP range. For now, I've added

deny from *.monitorengine.com
deny from forever.alone.net

to my .htaccess file.
8:58 am on Apr 16, 2013 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6536
votes: 114


198.105.219.56 belongs to...

Hosting Services, Utah
198.105.208.0 - 198.105.223.255
198.105.208.0/20



ch15.lon.monitorengine.com is 66.228.52.108, which belongs to...

Linode Virtual Cloud Servers
66.228.32.0 - 66.228.63.255
66.228.32.0/19



forever.alone.net is 63.251.38.176, which belongs to...

Internap.com Hosting & Datacenters, Georgia
63.251.0.0 - 63.251.255.255
63.251.0.0/16


BTW - Hosting Services, Linode and Internap all have other ranges. These have been listed here in WW forums and can be found using the Search.

And just a FYI, referrers can (and often are) easily be spoofed.
1:52 pm on Apr 16, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


FWIW, unless you've your own server and have your logs intentionally configured to display in this manner?

ch01.slc.monitorengine.com - - [14/Apr/2013:00:58:34 +0100] "HEAD / HTTP/1.1" 200 - "-" "checks.panopta.com"

Rather, if your on shared hosting, the reason the logs dispaly in this manner is because the deny from's are enclosed in a container.