Forum Moderators: Ocean10000 & incrediBILL

Server Farms - May 2013

Ongoing Hosting Data Center Discussion

   
8:14 pm on May 5, 2013 (gmt 0)
incredibill (WebmasterWorld Administrator)

Continuation of the March 2013 thread:
[webmasterworld.com...]

7:25 am on May 31, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

DataShack.net servers
142.54.160.0 - 142.54.191.255
142.54.160.0/19

7:52 am on Jun 1, 2013 (gmt 0)
WebmasterWorld Senior Member

SQL Injection 'probes, attempts' from 46.246.33.52 (anon-33-52.vpn.ipredator.se)

inetnum: 46.246.32.0 - 46.246.63.255
netname: PRIVACTUALLY-NET
route: 46.246.0.0/17

Parent DS ranges: Portlane Networks AB, Sweden: [bgp.he.net...]

We don't do orange on our servers, sorry.

11:04 am on Jun 1, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

Thanks blend27. I block all anonymous proxy ranges. Didn't have this one.

8:23 am on Jun 2, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

Another Datashack
192.151.144.0 - 192.151.159.255
192.151.144.0/20

Also a new (for me) FDCservers: 50.7/16

Which brings my list to:

50.7.0.0 - 50.7.255.255
50.7.0.0/16

66.90.64.0 - 66.90.127.255
66.90.64.0/18

67.159.0.0 - 67.159.63.255
67.159.0.0/18

76.73.0.0 - 76.73.127.255
76.73.0.0/17

11:14 am on Jun 2, 2013 (gmt 0)
wilderness (WebmasterWorld Senior Member)

198.211.103.85 - - [02/Jun/2013:03:04:40 -0600] "GET / HTTP/1.1" 403 775 "-" "-"

Digital Ocean, Inc.

4:54 pm on Jun 2, 2013 (gmt 0)
dstiles (WebmasterWorld Senior Member)

New softlayer range, registered January...

192.155.192.0 - 192.155.255.255
192.155.192.0/18

Datashack - I have
142.54.160.0 - 142.54.191.255
192.151.144.0 - 192.151.159.255
198.204.224.0 - 198.204.255.255

FDC Servers...


Digital Ocean...

8:32 am on Jun 12, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

Fibergrid/Webexxpurts
151.237.184.0 - 151.237.185.255
151.237.184.0/23

6:26 pm on Jun 12, 2013 (gmt 0)
dstiles (WebmasterWorld Senior Member)

My list of Webexxpurts...


Mix of Sweden, Estonia and USA.

Not sure where fibregrid comes into it?

6:54 pm on Jun 12, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

Fibergrid is subleasing the 151.237.185.0/24 of Webexxpurts and caught scraping an entire site of mine. Thanks for the Webexxpurts ranges.

1:09 pm on Jun 30, 2013 (gmt 0)
WebmasterWorld Senior Member

inetnum: 81.7.13.0 - 81.7.13.255
netname: EUSERV-SRV-NET21
descr: EUserv Internet
descr: Customer Network #21
descr: Dedicated Rootserver Network

I am sure there are other ranges.

Caught trying to access honey pot.

81.7.13.161 - /foxyfrot - 403 - Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0

7:04 pm on Jul 1, 2013 (gmt 0)
dstiles (WebmasterWorld Senior Member)

The full range 81.7.0.0/18 belongs to (or is tagged as) ISPpro Internet of Germany. I have the following for ISPpro...

81.7.0.0 - 81.7.63.255
81.89.96.0 - 81.89.111.255
85.31.184.0 - 85.31.191.255
91.143.80.0 - 91.143.95.255

Firefox 6 is WAY out of date and probably a bot of some kind.

11:09 pm on Jul 1, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

@ dstiles re: ISPpro

Looks like broadband mixed in with web servers (much like Comcast.) Are you pinging for ports to tell the difference or just blocking categorically?

6:59 pm on Jul 2, 2013 (gmt 0)
dstiles (WebmasterWorld Senior Member)

You could be right but there are several open-port IPs in the random tests I made. Ports I've seen include HTTP/HTTPS, POP3 and SMTP, FTP and others. Those ports say to me server.

If it's a mixed range then tough on the DSL users: they should find a better-split provider. Even if the ranges are static IPs, there is not enough separation between hard-core users who send out bots and "genuine" DSL users.

I dislike and distrust ALL comcast hits but I have to leave them open for one of my customers. In the past 2 years I've logged over 1200 comcast "idiotic hits". On the other hand my customer has received some orders from those ranges. :(

7:01 pm on Jul 2, 2013 (gmt 0)
dstiles (WebmasterWorld Senior Member)

Another Rackspace range hit me today, a Cloud based at:

162.13.0.0 - 162.13.15.255

12:11 pm on Jul 3, 2013 (gmt 0)
wilderness (WebmasterWorld Senior Member)

Servepath/GoGrid

There are mentions in two threads (one recent and one old):

08.113.98.149 - - [03/Jul/2013:04:14:40 -0600] "GET /robots.txt HTTP/1.1" 200 1907 "-" "FlightDeckReportsBot/2.0 (http://www.flightdeckreports.com/pages/bot)"

Cloud Hosting and Dedicated server.


6:58 pm on Jul 3, 2013 (gmt 0)
dstiles (WebmasterWorld Senior Member)

I have all of those as servepath but I have gogrid separately:

74.3.192.0 - 74.3.255.255
164.40.128.0 - 164.40.159.255 (NL)
173.204.0.0 - 173.204.255.255
173.244.64.0 - 173.244.79.255

8:32 pm on Jul 3, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

173.1.0.0 - 173.1.255.255
173.1.0.0/16
I have as GoGrid

9:11 pm on Jul 3, 2013 (gmt 0)
wilderness (WebmasterWorld Senior Member)

From their website FAQ:

"Is ServePath being acquired?

Absolutely not, ServePath and GoGrid have always been the same company; we are just changing our name."
end of quote

Thanks for the heads up guys.
Looking further, located these North American ranges that cover both names:
GOGRID-BLK3 173.204.0.0 - 173.204.255.255 173.204.0.0/16
GOGRID-BLK3 173.244.64.0 - 173.244.79.255 173.244.64.0/20
GOGRID-BLK1 74.3.192.0 - 74.3.255.255 74.3.192.0/18

7:55 pm on Jul 4, 2013 (gmt 0)
dstiles (WebmasterWorld Senior Member)

So gogrid is a new name for servepath or the other way around? Either way, I'm not really concerned: they are both blocked. :)

1:28 am on Jul 7, 2013 (gmt 0)
wilderness (WebmasterWorld Senior Member)

There's multiple references to this, and even comes up in the search results advertising ;)

OrgName: Lunar Pages (ADD2NET-DOT-COM)
64.50.180.203 - - [06/Jul/2013:07:54:32 -0600] "GET /MyFolder/ HTTP/1.1" 200 7286 "-" "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)"

No other requests!


10:29 pm on Jul 7, 2013 (gmt 0)
lucy24 (WebmasterWorld Senior Member)

The dreaded Mixed Service IP, hot off the presses:

27.106.43.122 - - [07/Jul/2013:10:19:12 -0700] "GET /directory/page.html HTTP/1.1" 200 19055 "http://www.webmasterworld.com/profilev4.cgi?action=view&member=lucy24" "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0"

HARRUMPH!

Free lookup says 27.106.0.0/17 is Syscon Infoway, based in Mumbai, which professes to be-- and probably is-- an ISP.

7:13 pm on Jul 8, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

Buyurl
217.195.202.0 - 217.195.202.127
217.195.202.0/25

3:36 am on Jul 9, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

ELAN, Poland
91.236.74.0 - 91.236.75.255
91.236.74.0/23

1:07 am on Jul 10, 2013 (gmt 0)
lucy24 (WebmasterWorld Senior Member)

And now the good news...

For ages I'd had
91.201.64.0/22 ("bulletproof-web", Russia)
blocked on grounds of general robotitude.

Guess it wasn't as bulletproof as they thought; the range currently seems to be unassigned. RIPE being RIPE, you would expect this situation to last five or ten minutes, tops. But they may have closed up shop as long as six months ago.

2:17 am on Jul 10, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

DonEkoService
91.201.64.0 - 91.201.67.255
91.201.64.0/22

I've had bad hits coming from this range in the past.

7:45 pm on Jul 10, 2013 (gmt 0)
dstiles (WebmasterWorld Senior Member)

Lucy - I had that range listed as MHost but yes, not currently allocated, it seems. It's possible it fell to the latest round of exploiter shut-downs - there has been a fair amount of activity in recent months, causing a flurry of new bot activity from those attempting to create more robust botnets.

Following up through ixquick and entering the starting IP brings up a result from nanog which states the range was hijacked last August from DonEkoService (which they say was dodgy anyway). Maybe it was just reclaimed by RIPE.

6:20 am on Jul 12, 2013 (gmt 0)
WebmasterWorld Administrator

A new (for me anyway) DataShack just showed up July 7:
74.91.16.0 - 74.91.31.255 74.91.16.0/20
74.91.18.224 - 74.91.18.231 74.91.18.224/29

UA: -

8:55 am on Jul 12, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

@not2easy Thanks for the DataShack

Amernet cloud & VoIP
209.21.64.0 - 209.21.95.255
209.21.64.0/19

4:37 pm on Jul 12, 2013 (gmt 0)
WebmasterWorld Administrator

Another one: GO-DADDY-NETHERLANDS-BV
146.255.32.0 - 146.255.35.255
I blocked the whole 146.255.0.0/16 because this is a sub-range in NetRange: 146.255.0.0 - 146.255.255.255 and found on a non public site and they were trying very hard to do sql injections. UA: "T34m 0x68583052" another scan from this IP had UA: "-"

From WIRESIX: 98.142.208.0 - 98.142.223.255 98.142.208.0/20
UA: "Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2"

From TEDE-LLU: 95.112.0.0 - 95.115.255.255 95.112.0.0/13
UA: "Java/1.7.0_07"

From SOFTLAYER-4-3: 75.126.0.0 - 75.126.255.255 75.126.0.0/16
UA: "Python-urllib/1.17"

From AFOCELCA (Portugal): 213.58.195.224 - 213.58.195.231 213.58.192.0/21
"GET /w00tw00t.at.ISC.SANS.Win32:) HTTP/1.1" 400 289 "-" "-"
No UA, the requested file is not on this server but I get a lot of requests for it, it must be popular...and vulnerable.

5:47 pm on Jul 12, 2013 (gmt 0)
keyplyr (WebmasterWorld Senior Member)

Another one: GO-DADDY-NETHERLANDS-BV
146.255.32.0 - 146.255.35.255
I blocked the whole 146.255.0.0/16 because this is a sub-range in NetRange: 146.255.0.0 - 146.255.255.255

Thanks for the GDaddy range. However, I would reconsider blocking the /16. There *are* public areas in there. For example:
Surebroadband
146.255.0.0 - 146.255.0.127
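
The trade-off raised in the post above, as an added example (not code from any poster in this thread): it converts WHOIS-style ranges to CIDR, lists which known ranges a wide deny block would swallow, and compares a /16 block, a /16 with a carve-out, and a narrow block over sample log lines. The two named ranges are quoted from the thread; the log lines are constructed, and the longest-prefix policy (most specific block wins, unlisted addresses pass) is an assumption.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Turn an inclusive WHOIS-style 'first - last' range into CIDR blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

def swallowed(block, named_ranges):
    """Names of known ranges that lie wholly inside a candidate deny block."""
    wide = ipaddress.ip_network(block)
    return [name for name, (first, last) in named_ranges.items()
            if all(ipaddress.ip_network(c).subnet_of(wide)
                   for c in range_to_cidrs(first, last))]

def verdict(ip, deny, allow=()):
    """Longest-prefix match: the most specific matching block decides.
    Unlisted addresses pass; at equal prefix length, deny wins."""
    addr = ipaddress.ip_address(ip)
    best_len, action = -1, "pass"
    for name, blocks in (("allow", allow), ("deny", deny)):
        for block in blocks:
            net = ipaddress.ip_network(block)
            if addr in net and net.prefixlen >= best_len:
                best_len, action = net.prefixlen, name
    return action

def triage(log_lines, deny, allow=()):
    """Client IP is the first field of a combined-format access log line."""
    return [(line.split()[0], verdict(line.split()[0], deny, allow))
            for line in log_lines]

# Ranges quoted in the thread; the policy layout itself is an assumption.
RANGES = {
    "GO-DADDY-NETHERLANDS-BV": ("146.255.32.0", "146.255.35.255"),
    "Surebroadband": ("146.255.0.0", "146.255.0.127"),
}
# Constructed log lines (not from the thread) in the format the posters quote.
LOG = [
    '146.255.33.10 - - [12/Jul/2013:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "-"',
    '146.255.0.20 - - [12/Jul/2013:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '146.255.200.1 - - [12/Jul/2013:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    narrow = range_to_cidrs(*RANGES["GO-DADDY-NETHERLANDS-BV"])
    carve_out = range_to_cidrs(*RANGES["Surebroadband"])
    print("a /16 would swallow:", swallowed("146.255.0.0/16", RANGES))
    print("/16 only:       ", triage(LOG, ["146.255.0.0/16"]))
    print("/16 + carve-out:", triage(LOG, ["146.255.0.0/16"], carve_out))
    print("narrow block:   ", triage(LOG, narrow))
```
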