62.4.0.0/19 is dedibox, not broadband.

62.210.0.0/17 is an iliad range which claims to be "IP Pool for Iliad-Entreprises Business Hosting Customers", which has generated enough bad accesses to warrant server status here.

As to the UA - anyone's guess. :(

thanks fo rthe clarification on iliad! i've blocked those blocks now.

that was the full UA string as well! weird

requesting the home page of one site several times a day,

Only several? Hits my pages about 60 to 100 times daily, same range.

Requests robots.txt (where it is disallowed) then disobeys it. Seems to be vertical, not linear.

Seems to be vertical, not linear.

In English? :(

no hay problema

Vertical = getting URLs from a list that resides on the machine. Probably gained usage due to the illusion the WWW is "up in the air."

Linear = used to describe bot behavior that follows links from one document to another, one server to another.

requesting the home page of one site several times a day, no robots.txt

.... and here it is, over two months later, and they finally show up on one site (maybe more, I'm just now running logs) from the 62.4.22 range.

Four front page (two on one day, two more about 36 hrs later); one for example.com/directory/; three separate requests for example.com/directory/page.html. Does this mean they're picking up links posted somewhere else, and backtracking through the directory structure for verisimilitude?

I really hope the whole /19 is hosting; it's so much easier to block that way.

We block all 62. saves an awful lot of hassle, and squeamish hand-wringing.

Teaching ISPs how to behave, using the drip method.

We block all 62.

Really? That's an awful lot of humans (mobile & desktop.) Also a major security company that, if blocked, may warn humans from other ranges not to visit your site. Also a couple proxies (more humans.)

Teaching ISPs how to behave...

Let me know how that works out for you :)

We block all 62
<snip>
using the drip method.

Isn't that more like the Niagara Falls method?

Follow-up:
They've found a new address, 163.172.7.229. You can tell it's the same people, not just someone using a handy UA string, because they started right in requesting various interior pages. Oops, no, my bad, only two: four requests for one, seven for another, although they got a perfectly clear 200 each time. HTML only.

Interestingly, they came back three days later from the old 62.4 IP, requesting the front page only.

Free lookup says
163.172
(a) Online Net Dedicated Servers
(b) Dedicated Servers and cloud assignment
(c) rev.poneytelecom.eu
(d) MNT-TISCALIFR (that explains why I'd got the range down as UK)

Uh-oh, that smells like a UA-based lockout.

Are you saying poneytelecom.eu is NOT an ISP?

I've seen a lot of bad activity coming from their ranges, but it gets blocked by other mechanisms at my server. I've allowed these ranges because I've believed it an ISP, albeit full of crooks.

Does "62.4" = 62.4.0.0/19?
Does "163.172" = ?

I've seen 163.172.7.229 but can't get a more succinct range.

Are you saying

No, I'm just quoting everything it spat out at me. Not sure what Tiscali is doing in France, either.

Does...

Yup.

Only one site, though. Meanwhile, to ensure it wouldn't feel left out, another site got hit by a fake bebopbot instead. (Don't think I've ever met the real one; no reason I would. This is just as well, as it lets me block the fakers by UA.)

Bebopbot crawls from Polytech Univ servers in New York but the data center is in Plano, Texas. Its my crawler, you didn't know that? I do get notices of posers now and then. There's an info page in the UA, at least in the real one :)

Its my crawler, you didn't know that?

I did, or I wouldn't have mentioned it :-P

It's always funny when a fake UA retains the link to the real thing's information page--the better to identify the fakes.

:: wondering if there's any power on earth that can make cat grasp the direction of causality between the two observable facts {I do not wish to go outside} and {It is not only raining but exceptionally cold} ::

Heard it was wet in N.Cal... it was sunny & warm down here. Went surfin' a few hours ago :-P

A few years back I started blocking bots(well anything) based on rdns string and combination of header rules. anything.poneytelecom.eu is on A Sh.t list. Not one request with proper headers, left along UA for the past few years or so.

poneytelecom.eu has IPV4 routes(and 1 IPV6) posted on their root page BTW.

Re: Polytech Univ.
Used to work right next to it in "Brooklyn!, Brooklyn!" - MetroTech Plaza - J Street & Borough Hall on A/C line. Awesome Music on Thursday afternoons in the park.
@keyplyr - did not see your 'bot' there ;)

Tiscali started out in Italy, I think, but became very active in UK. Also has ranges in FR, ES, NL, BE (and probably others).
Mostly broadband but a few blockable ranges.

@keyplyr - did not see your 'bot' there ;)

Looks just like Mozilla/5.0 :)

Ichimoku (or Ichimoku Cloud, Ichimoku Trading, Ichimoku Kinko Hyo) is some kind of Stock Market Analysis. Also related are Kumo Cloud, Kumo Technologies.

One related website says "The Kumo is the cloud component of the Ichimoku Kinko Hyo."

kumo is Japanese for spider.

My guess is nothing to get worried about as the requests are small; probably mapping site signatures. Might even be only looking for financial related sites. Or could be the testubg of a new spider. I'm always inclinded to what new bots for a while before eben considering an IP ban (on certainly not a block ban if they just use one to a few IPs).

(No way to "edit" comments? My poor Grade School English teacher is rolling in her grave...)

No way to "edit" comments?

It's on the "Msg#" dropdown. Too late now, but three minutes would have been well within the allowable range.

:: glancing down at keyboard to verify explanation of "testubg" ::

kumo is Japanese for spider.

Now, that's useful to know ;)

My guess is nothing to get worried about as the requests are small

Well I do not "get worried." The purpose of this forum is to document Search Engine Spiders and other User Agents for reference and discussion. Requests are never "small."

kumo is Japanese for spider

No, kumo is Japanese for "cloud."

Cloud, spider, gossamer, same difference.

Well a cloud is a server platform and a spider is a piece of code that is executed on the server. Gossamer is sexy lingerie of course.

:: detour to Google translate after renewal of topic in different thread ::

The words for "spider" and "cloud" BOTH transliterate to "kumo" in Japanese. GT only offers the kana for one of them, so no comparing of vowel quantity. I'm going to ask a human.

I'm going to ask a human.

I asked one. She said kumo was "cloud." When I asked her word for spider, she said "eek!"

The human I consulted says it's just a homophone. I was hoping to find some arcane semantic link-- that's why I thought of gossamer-- but no such luck. She also points out that the kana provided by Google Translate for "spider" does not, in fact, say kumo. (I should have seen this myself, since it's clearly too many syllables.) In fact it says-- wait for it-- supaidaa. (The u is more-or-less silent.) No explanation forthcoming, though it does leave me wondering about what else is lurking in Google Translate.

So now the question is: Is cloud computing, in Japan, called by any form of kumo? I told my human that the translation puzzle arose in one of the few venues where "cloud" and "spider" could both have been viable translations, and will now have to reassure her that we are not talking about clouds of baby spiders.

clouds of baby spiders

I hope I can forget that before going to sleep tonight