That's my point :)

Trapped another Chinese bot, this one lives in Kansas: DNSslave and Virpus:
50.115.168.18 DNSSLAVE5 50.115.160.0/20

Angonasec I don't doubt your judgement, but just so I might also be in the know, what indicators are you using to determine that these bots are "Chinese" since they are mostly coming from US or Euro server farms?

EBL Global Networks
COREXCHANGE-05 108.60.192.0 - 108.60.223.255 108.60.192.0/19
COREXCHANGE-08 108.166.160.0 - 108.166.191.255 108.166.160.0/19
COREXCHANGE-09 198.154.96.0 - 198.154.127.255 198.154.96.0/19
COREXCHANGE-01 208.78.216.0 - 208.78.223.255 208.78.216.0/21
COREXCHANGE-07 209.105.224.0 - 209.105.255.255 209.105.224.0/19
COREXCHANGE-06 216.172.96.0 - 216.172.111.255 216.172.96.0/20
COREXCHANGE-02 67.211.32.0 - 67.211.63.255 67.211.32.0/19
COREXCHANGE-04 74.124.0.0 - 74.124.31.255 74.124.0.0/19
COREXCHANGE-IPV6-01 2607:F348:: - 2607:F348:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

Don - thanks for the CorExchange ranges. I only had one of those :(

WebsiteWelcome

2013 thread [webmasterworld.com]

Apr 2014 [webmasterworld.com]


HGBLOCK-4 108.167.128.0 - 108.167.191.255 108.167.128.0/18
HGBLOCK-5 108.179.192.0 - 108.179.255.255 108.179.192.0/18
HGBLOCK-10 192.185.0.0 - 192.185.255.255 192.185.0.0/16
HGBLOCK-8 192.232.192.0 - 192.232.255.255 192.232.192.0/18
HGBLOCK-6 198.154.192.0 - 198.154.255.255 198.154.192.0/18
HGBLOCK-9 192.254.128.0 - 192.254.255.255 192.254.128.0/17
HGBLOCK-7 198.20.224.0 - 198.20.255.255 198.20.224.0/19
HGBLOCK-2 216.172.160.0 - 216.172.191.255 216.172.160.0/19
HGBLOCK-3 50.116.64.0 - 50.116.127.255 50.116.64.0/18
HGBLOCK-1 96.125.160.0 - 96.125.175.255 96.125.160.0/20
HGBLOCK-IPV6-1 2605:F300:: - 2605:F300:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

Cool, I didn't have half of those. WebsiteWelcome has been pretty active on my sites... or should I say UN-welcome.

Root Level Technology
ROOTLEVELTECH3 107.191.224.0 - 107.191.255.255 107.191.224.0/19
ROOTLEVELTECH-MAIN 209.148.80.0 - 209.148.95.255 209.148.80.0/20
ROOTLEVELTECH-SECONDARY 23.239.128.0 - 23.239.159.255 23.239.128.0/19
ROOT-LEVEL-TECHNOLOGY-IPV6-1 2605:2080:: - 2605:2080:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

Chinese bot scraping the Western hosting barrel: PrivaxLTD Turnkey Internet Inc. pwebservers.com
67.231.244.123 67.231.240.0/20 ber...locked!

KeyP: See my previous reply here re: Chinese bots.

KeyP: See my previous reply here re: Chinese bots.

Sorry, all I see is you saying everything is a Chinese bot but not why.

Sorry, all I see is you saying everything is a Chinese bot but not why.

ditto.

Did a search on "Chinese+you" and went back to 2006 for a valid explanation, although that 2006 thread was in regards to Far East, rather than Chinese.

More recent Gents, keep looking, and you'll find it.

Chinese barrel scraper of the day:
QuickPacket, LLC trustvm.com
162.223.31.37 162.223.28.0/22 ber...locked!

Here we are Gents, save you pulling your hair out:
[webmasterworld.com...]

msg:4698285
Q/
"What Chinese connection did you see?"

Identical repeated unusual behaviour to known Chinese bots such as "ten-cent" etc...
/Q

Hopefully, you'll understand the reason for the somewhat reticent response :)

msg:4698285
Q/
"What Chinese connection did you see?"

- The ISP (servarica.com) appears to be a cloud/VPS server farm in Quebec. What Chinese connection did you see?

Pfui was asking what Chinese connection you seen at "(servarica.com)", NOT requesting a update on individual Chinese connections.

No Don, connection: As in logic, not digital :)

Nuff sed chaps, let's get into those logs!

hostcomm.ru
79.174.64.0/20
79.174.64.0 - 79.174.95.255

Input Output Flood (They've certainly expnaded their ranges since 2013).

IOFLOOD 104.161.0.0 - 104.161.255.255 104.161.0.0/16
IOFLOOD 107.167.64.0 - 107.167.95.255 107.167.64.0/19
IOFLOOD 107.178.64.0 - 107.178.127.255 107.178.64.0/18
IOFLOOD 107.189.128.0 - 107.189.191.255 107.189.128.0/18
IOFLOOD 148.163.0.0 - 148.163.127.255 148.163.0.0/17
IOFLOOD 162.213.208.0 - 162.213.211.255 162.213.208.0/22
IOFLOOD 162.218.112.0 - 162.218.119.255 162.218.112.0/21
IOFLOOD 184.164.64.0 - 184.164.95.255 184.164.64.0/19
IOFLOOD 192.110.160.0 - 192.110.167.255 192.110.160.0/21
IOFLOOD 192.30.136.0 - 192.30.139.255 192.30.136.0/22
IOFLOOD 199.167.132.0 - 199.167.135.255 199.167.132.0/22
IOFLOOD 199.231.84.0 - 199.231.87.255 199.231.84.0/22
IOFL 199.30.48.0 - 199.30.55.255 199.30.48.0/21
IOFLOOD 23.226.64.0 - 23.226.79.255 23.226.64.0/20
IOFLOOD 2604:6280:: - 2604:6280:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

They've certainly expnaded their ranges since 2013

Yeah, I only had 2 of those, and one other got expanded - thanks.

Hosted Data Solutions, LLC Florida USA
173.209.192.0 - 173.209.223.255 173.209.192.0/19

NephoScale Inc. Calif. USA
67.207.192.0 - 67.207.207.255 67.207.192.0/20

Today's expat Sinobot is living at Quadranet, AZ USA
204.44.64.0 - 204.44.127.255 204.44.64.0/18

That nephoscale one is part of the Silicon Valley Web Hosting network:
67.207.192.0 - 67.207.207.255
67.207.192.0/20
69.50.224.0 - 69.50.255.255
69.50.224.0/19
208.69.176.0 - 208.69.183.255
208.69.176.0/21
208.78.240.0 - 208.78.247.255
208.78.240.0/21
208.166.48.0 - 208.166.63.255
208.166.48.0/20
I got some of these in a thread here last Nov.
The whole Quadranet family (of like 16 CIDRs) is in July's lists.

That nephoscale one is part of the Silicon Valley Web Hosting network:
67.207.192.0 - 67.207.207.255
67.207.192.0/20

RackSpace
67.207.128.0 - 67.207.223.255
67.207.128.0/18
67.207.192.0/19

Today's cheeky Sinobots living in America:

108.62.154.123 on Nobis Technology Group, LLC 108.62.0.0/16 ber...locked!
(For fiddlers: Ubiquity Server Solutions Seattle 108.62.152.0/21 108.62.160.0/23 108.62.162.0/24)

192.171.235.207 on 192.171.224.0/19 at Micfo

XLHost Inc on eNET Inc
XLHost.com Inc XLHOST-OOFFER115-16790 64.79.85.200 - 64.79.85.207
eNET Inc. ENET-XLHOST-4 64.79.64.0 - 64.79.95.255 64.79.64.0/19 ber...locked!

64.79.85.205 - - [01/Oct/2014] "GET /example.htm HTTP/1.1" 200 1729 "-" "SMTBot (similartech.com/smtbot)"

Excuse me Gents, I appear to be on a roll;
Time to wake the guys up at; Tranquil Hosting, Inc.
162.223.8.0 - 162.223.15.255 162.223.8.0/21 ber...locked!

TRANQUIL-HOSTING 208.79.80.0 - 208.79.83.255
TRANQUIL-HOSTING 208.86.224.0 - 208.86.227.255
TRANQUIL-HOSTING 199.48.128.0 - 199.48.135.255
TRANQUIL-HOSTING 199.233.228.0 - 199.233.231.255
TRANQUIL-HOSTING 204.109.56.0 - 204.109.63.255
TRANQUIL-HOSTING 199.102.76.0 - 199.102.79.255

I have extras for tranquil - 11 in all...

103.254.160.0 - 103.254.163.255
162.217.112.0 - 162.217.115.255
162.223.8.0 - 162.223.15.255
185.16.48.0 - 185.16.51.255
185.34.0.0 - 185.34.3.255
199.48.128.0 - 199.48.135.255
199.102.76.0 - 199.102.79.255
199.233.228.0 - 199.233.231.255
204.109.56.0 - 204.109.63.255
208.79.80.0 - 208.79.83.255
208.86.224.0 - 208.86.227.255

Thank you Sir!
Apart from 162.223.8.0/21
None of those have yet appeared in my logs, so I'll leave them open pending, mainly to save htaccess bloat.

Chinese data mining company based in LA, HK, Africa;

PacketExchange Inc 70.39.128.0 - 70.39.255.255 70.39.128.0/17 ber...locked!
WANGSU SCIENCE AND TECHNOLOGY INC. 70.39.184.0 - 70.39.191.255

And that is why your stated response "I'll leave them open pending" is counter-productive. I (and I suspect many others) have had that larger range blocked for at least a couple of years so would not have seen/worried about that hit.

I have no doubt that htaccess can be reduced in some way (eg if you have access to a firewall) but that the time taken to process it is in any case minimal in real terms. I get my block-list from MySQL and parse headers etc in ASP, and the time taken for the complete processing is typically less than 70 millseconds, often far less.

Just a FYI - my htaccess file is approaching 90kb, 98% of which is blocked IP ranges, and Google Pagespeed says my server response time is fast.

Here's one I haven't seen before:

Atjeu Hosting
69.50.192.0 - 69.50.223.255
69.50.192.0/19