Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & keyplyr

Message Too Old, No Replies

good riddance to bad robots

11:46 pm on Jun 15, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
votes: 541

For people looking to fatten their Deny lists, here's the result of some recent housecleaning. I'm currently afflicted by two botnets that I know as the "indexphp botnet" and the "hovercraft" botnet because of their site-specific behavior. No idea what the robots' underlying script is; obviously they haven't singled me out among all the world's billions of www sites :) and ..20
>> Sweden, may be some kind of proxy, assigned to "webexxpurts" (sic) belonging to one Deepak Mehta with address in Tallinn, no country specified. ("That's funny! You don't look Estonian.") (exact but repeated)
>> Germany 23media and/or NodeDeploy (Something about the name element "Node" makes me instantly suspicious.) and ..250.75
>> Singlehop (can you put "Singlehop" and "benefit of the doubt" into the same sentence?)
>> assorted places involving... well, fancy that. Two different people don't know how to spell "experts", and they both have the same name (in fairness, there do exist men in English-speaking countries whose name truly is John Smith) and live at the same address in Tallinn. Guess he assumes IANA knows what country it's in. and ..113.252
>> US Eonix Corp., hosting and colo, nuff said
Bit of a headscratcher here. Do we go with UK (BurstNet) or further east (packetlabs.ro) or still further east (address entirely in Chinese, and it's not because browser has inadvertently changed to UTF-16).
Aah, the heck with it, let's just lock out the whole and ..204.145
>> PegTech range mentioned elsewhere. The exact area 204.72-79 seems to belong to someone in China, but not worth investigating closer.
>> OVH Montreal (I cannot get the initials O,V,H to stand for "Francophone robot" but that seems to be what it means) and ..46
>> Avante Hosting, somewhere in Canada. This is a recently opened range. Don't have exact dates, but a few months ago it was on my bogons list. and ..159.79
>> Singlehop. Yawn.
>> (NodesDirect, see above about name elements that can only cause suspicion) but it turns out I've met other robots from the neighborhood so let's proceed directly to
>> T.E.S.T. Where would a botnet be without a Ukrainian?, ..9, ..12, ..14, ..16
very active neighborhood, unique in offering representatives of both my current botnets. Another head-scratcher, because it goes back to
in an apparently human Turkish range, and I do meet the occasional human from Turkey, so let's compromise with
which looks as if it's sublet to someone in Austria.
7:16 pm on June 16, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
votes: 4

Thanks, Lucy.

I had all but two of those ranges blocked; extras now added.

And thanks for starting an IP on its own line: makes it much easier and quicker to paste the IP into my database, even with the extras after it! :)
6:25 pm on June 17, 2013 (gmt 0)

Preferred Member

10+ Year Member

joined:Mar 10, 2004
posts: 430
votes: 23

Thanks. Checked them all and already have them all blocked... so feeling better about keeping on top of these cesspools.

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members