Welcome to WebmasterWorld Guest from 54.167.102.69

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

Server Farms - May 2013

Ongoing Hosting Data Center Discussion

     
8:14 pm on May 5, 2013 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14622
votes: 87


Continuation of the March 2013 thread:
[webmasterworld.com...]
7:25 am on May 31, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64




DataShack.net servers
142.54.160.0 - 142.54.191.255
142.54.160.0/19
7:52 am on June 1, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2004
posts:1665
votes: 35


SQL Injection 'probes, attempts' from 46.246.33.52 (anon-33-52.vpn.ipredator.se)

inetnum: 46.246.32.0 - 46.246.63.255
netname: PRIVACTUALLY-NET
route: 46.246.0.0/17

Parent DS ranges: Portlane Networks AB, Sweden: [bgp.he.net...]

We don't do orange on our servers, sorry.
11:04 am on June 1, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64



Thanks blend27. I block all anonymous proxy ranges. Didn't have this one.
8:23 am on June 2, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64


Another Datashack
192.151.144.0 - 192.151.159.255
192.151.144.0/20

Also a new (for me) FDCservers: 50.7/16

Which brings my list to:

50.7.0.0 - 50.7.255.255
50.7.0.0/16

66.90.64.0 - 66.90.127.255
66.90.64.0/18

67.159.0.0 - 67.159.63.255
67.159.0.0/18

76.73.0.0 - 76.73.127.255
76.73.0.0/17
11:14 am on June 2, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5408
votes: 2


198.211.103.85 - - [02/Jun/2013:03:04:40 -0600] "GET / HTTP/1.1" 403 775 "-" "-"

Digital Ocean, Inc.
DIGITALOCEAN-2 192.34.56.0 - 192.34.63.255 192.34.56.0/21
DIGITALOCEAN-3 192.81.208.0 - 192.81.223.255 192.81.208.0/20
DIGITALOCEAN-5 198.199.64.0 - 198.199.127.255 198.199.64.0/18
DIGITALOCEAN-4 198.211.96.0 - 198.211.127.255 198.211.96.0/19
DIGITALOCEAN-1 208.68.36.0 - 208.68.39.255 208.68.36.0/22
DIGITALOCEAN-V6-1 2604:A880:: - 2604:A880:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
4:54 pm on June 2, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


New softlayer range, registered January...

192.155.192.0 - 192.155.255.255
192.155.192.0/18

Datashack - I have
142.54.160.0 - 142.54.191.255
192.151.144.0 - 192.151.159.255
198.204.224.0 - 198.204.255.255

FDC Servers...

50.7.0.0 - 50.7.255.255
66.90.64.0 - 66.90.127.255
67.159.0.0 - 67.159.63.255
74.63.64.0 - 74.63.127.255
76.73.0.0 - 76.73.127.255
108.179.64.0 - 108.179.127.255
204.45.0.0 - 204.45.255.255
208.53.128.0 - 208.53.191.255

Digital Ocean...
82.196.0.0 - 82.196.15.255
185.14.184.0 - 185.14.187.255
192.34.56.0 - 192.34.63.255
192.81.208.0 - 192.81.223.255
198.199.64.0 - 198.199.127.255
198.211.96.0 - 198.211.127.255
208.68.36.0 - 208.68.39.255
8:32 am on June 12, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64



Fibergrid/Webexxpurts
151.237.184.0 - 151.237.185.255
151.237.184.0/23
6:26 pm on June 12, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


My list of Webexxpurts...

5.34.240.0 - 5.34.247.255
37.72.184.0 - 37.72.191.255
37.203.208.0 - 37.203.215.255
46.29.248.0 - 46.29.255.255
130.185.156.0 - 130.185.159.255
151.237.176.0 - 151.237.191.255
176.61.136.0 - 176.61.143.255
178.216.48.0 - 178.216.55.255
185.3.132.0 - 185.3.135.255

Mix of Sweden, Estonia and USA.

Not sure where fibregrid comes into it?
6:54 pm on June 12, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64




Fibergrid is subleasing the 151.237.185.0/24 of Webexxpurts and caught scraping an entire site of mine. Thanks for the Webexxpurts ranges.
1:09 pm on June 30, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2004
posts:1665
votes: 35


inetnum: 81.7.13.0 - 81.7.13.255
netname: EUSERV-SRV-NET21
descr: EUserv Internet
descr: Customer Network #21
descr: Dedicated Rootserver Network

I am sure there are other ranges.

Caught trying to access honey pot.

81.7.13.161 - /foxyfrot - 403 - Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0
7:04 pm on July 1, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


The full range 81.7.0.0/18 belongs to (or is tagged as) ISPpro Internet of Germany. I have the following for ISPpro...

81.7.0.0 - 81.7.63.255
81.89.96.0 - 81.89.111.255
85.31.184.0 - 85.31.191.255
91.143.80.0 - 91.143.95.255

Firefox 6 is WAY out of date and probably a bot of some kind.
11:09 pm on July 1, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64


@ dstiles re: ISPpro

Looks like broadband mixed in with web servers (much like Comcast.) Are you pinging for ports to tell the difference or just blocking categorically?
6:59 pm on July 2, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


You could be right but there are several open-port IPs in the random tests I made. Ports I've seen include HTTP/HTTPS, POP3 and SMTP, FTP and others. Those ports say to me server.

If it's a mixed range then tough on the DSL users: they should find a better-split provider. Even if the ranges are static IPs, there is not enough separation between hard-core users who send out bots and "genuine" DSL users.

I dislike and distrust ALL comcast hits but I have to leave them open for one of my customers. In the past 2 years I've logged over 1200 comcast "idiotic hits". On the other hand my customer has received some orders from those ranges. :(
7:01 pm on July 2, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


Another Rackspace range hit me today, a Cloud based at:

162.13.0.0 - 162.13.15.255
12:11 pm on July 3, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5408
votes: 2


Servepath/GoGrid

There are mentions in two threads (one recent and one old):

08.113.98.149 - - [03/Jul/2013:04:14:40 -0600] "GET /robots.txt HTTP/1.1" 200 1907 "-" "FlightDeckReportsBot/2.0 (http://www.flightdeckreports.com/pages/bot)"

Cloud Hosting and Dedicated server.

SERVEPATH-BLK5 173.1.0.0 - 173.1.255.255 173.1.0.0 - 173.1.255.255
SERVEPATH-BLK6 204.51.128.0 - 204.51.255.255 204.51.128.0/17
SERVEPATH-BLK3 208.96.0.0 - 208.96.63.255 208.96.0.0/18
SERVEPATH-BLK3 208.113.64.0 - 208.113.127.255 208.113.64.0/18
SERVEPATH-BLK5 216.121.0.0 - 216.121.127.255 216.121.0.0/17
ERVEPATH 216.93.160.0 - 216.93.191.255 216.93.160.0/19
SERVEPATH-BLK4 64.151.64.0 - 64.151.127.255 64.151.64.0/18
SERVEPATH-BLK2 69.59.128.0 - 69.59.191.255 69.59.128.0/18
SERVEPATH-IPV6 2607:F680:: - 2607:F680:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
6:58 pm on July 3, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


I have all of those as servepath but I have gogrid separately:

74.3.192.0 - 74.3.255.255
164.40.128.0 - 164.40.159.255 (NL)
173.204.0.0 - 173.204.255.255
173.244.64.0 - 173.244.79.255
8:32 pm on July 3, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64




173.1.0.0 - 173.1.255.255
173.1.0.0/16
I have as GoGrid
9:11 pm on July 3, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5408
votes: 2


From their website FAQ:

"Is ServePath being acquired?

Absolutely not, ServePath and GoGrid have always been the same company; we are just changing our name."
end of quote

Thanks for the heads up guys.
Looking further, located these North American ranges that cover both names:
GOGRID-BLK3 173.204.0.0 - 173.204.255.255 173.204.0.0/16
GOGRID-BLK3 173.244.64.0 - 173.244.79.255 173.244.64.0/20
GOGRID-BLK1 74.3.192.0 - 74.3.255.255 74.3.192.0/18
7:55 pm on July 4, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


So gogrid is a new name for servepath or the other way around? Either way, I'm not really concerned: they are both blocked. :)
1:28 am on July 7, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5408
votes: 2


There's multiple references to this, and even comes up in the search results advertising ;)

OrgName: Lunar Pages (ADD2NET-DOT-COM)
64.50.180.203 - - [06/Jul/2013:07:54:32 -0600] "GET /MyFolder/ HTTP/1.1" 200 7286 "-" "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)"

No other requests!

ADDD2NET-DOT-COM 209.200.224.0 - 209.200.255.255 209.200.224.0/19
ADDD2NET-DOT-COM 216.227.208.0 - 216.227.223.255 216.227.208.0/20
ADD2NET-DOT-COM 216.97.224.0 - 216.97.239.255 216.97.224.0/20
ADD2NET-DOT-COM 64.50.160.0 - 64.50.191.255 64.50.160.0/19
ADD2NET-DOT-COM 66.102.128.0 - 66.102.143.255 66.102.128.0/20
ADD2NET-DOT-COM 67.210.96.0 - 67.210.127.255 67.210.96.0/19
ADDD2NET-DOT-COM 74.50.0.0 - 74.50.31.255 74.50.0.0/19
ADD2NET-DOT-COM 2606:BD00:: - 2606:BD00:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
10:29 pm on July 7, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

joined:Apr 9, 2011
posts:12702
votes: 244


The dreaded Mixed Service IP, hot off the presses:

27.106.43.122 - - [07/Jul/2013:10:19:12 -0700] "GET /directory/page.html HTTP/1.1" 200 19055 "http://www.webmasterworld.com/profilev4.cgi?action=view&member=lucy24" "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0"

HARRUMPH!

Free lookup says 27.106.0.0/17 is Syscon Infoway, based in Mumbai, which professes to be-- and probably is-- an ISP.
7:13 pm on July 8, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64




Buyurl
217.195.202.0 - 217.195.202.127
217.195.202.0/25
3:36 am on July 9, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64



ELAN, Poland
91.236.74.0 - 91.236.75.255
91.236.74.0/23
1:07 am on July 10, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

joined:Apr 9, 2011
posts:12702
votes: 244


And now the good news...

For ages I'd had
91.201.64.0/22 ("bulletproof-web", Russia)
blocked on grounds of general robotitude.

Guess it wasn't as bulletproof as they thought; the range currently seems to be unassigned. RIPE being RIPE, you would expect this situation to last five or ten minutes, tops. But they may have closed up shop as long as six months ago.
2:17 am on July 10, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64



DonEkoService
91.201.64.0 - 91.201.67.255
91.201.64.0/22

I've had bad hits coming from this range in the past.
7:45 pm on July 10, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3091
votes: 2


Lucy - I had that range listed as MHost but yes, not currently allocated, it seems. It's possible it fell to the latest round of exploiter shut-downs - there has been a fair amount of activity in recent months, causing a flurry of new bot activity from those attempting to create more robust botnets.

Following up through ixquick and entering the starting IP brings up a result from nanog which states the range was hijacked last August from DonEkoService (which they say was dodgy anyway). Maybe it was just reclaimed by RIPE.
6:20 am on July 12, 2013 (gmt 0)

Moderator from US 

WebmasterWorld Administrator 5+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:2562
votes: 48


A new (for me anyway) DataShack just showed up July 7:
74.91.16.0 - 74.91.31.255 74.91.16.0/20
74.91.18.224 - 74.91.18.231 74.91.18.224/29

UA: -
8:55 am on July 12, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64


@not2easy Thanls for the DataShack

Amernet cloud & VoIP
209.21.64.0 - 209.21.95.255
209.21.64.0/19
4:37 pm on July 12, 2013 (gmt 0)

Moderator from US 

WebmasterWorld Administrator 5+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:2562
votes: 48


Another one: GO-DADDY-NETHERLANDS-BV
146.255.32.0 - 146.255.35.255
I blocked the whole 146.255.0.0/16 because this is a sub-range in NetRange: 146.255.0.0 - 146.255.255.255 and found on a non public site and they were trying very hard to do sql injections. UA: "T34m 0x68583052" another scan from this IP had UA: "-"

From WIRESIX: 98.142.208.0 - 98.142.223.255 98.142.208.0/20
UA: "Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2"

From TEDE-LLU: 95.112.0.0 - 95.115.255.255 95.112.0.0/13
UA: "Java/1.7.0_07"

From SOFTLAYER-4-3: 75.126.0.0 - 75.126.255.255 75.126.0.0/16
UA: "Python-urllib/1.17"

From AFOCELCA (Portugal):213.58.195.224 - 213.58.195.231 213.58.192.0/21
"GET /w00tw00t.at.ISC.SANS.Win32:) HTTP/1.1" 400 289 "-" "-"
No UA, the requested file is not on this server but I get a lot of requests for it, it must be popular...and vulnerable.
5:47 pm on July 12, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5803
votes: 64


Another one: GO-DADDY-NETHERLANDS-BV
146.255.32.0 - 146.255.35.255
I blocked the whole 146.255.0.0/16 because this is a sub-range in NetRange: 146.255.0.0 - 146.255.255.255

Thanks for the GDaddy range. However, I would reconsider blocking the /16. There *are* public areas in there. For example:
Surebroadband
146.255.0.0 - 146.255.0.127
This 103 message thread spans 4 pages: 103
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members