This is not actually a new range, but it shows up so infrequently that it's worth a mention:
Yandex (including YandexBot and WMT) 87.250.224.0/19 ^87\.250\.2(2[4-9]|[3-5]\d)
keyplyr
11:44 pm on Feb 25, 2018 (gmt 0)
Ever since Yandex announced *not* to filter by IP range, I've just been doing random manual checks on the ones I don't recognise.
Have they narrowed their valid crawl ranges down to a manageable number now?
lucy24
4:54 am on Feb 26, 2018 (gmt 0)
Have they narrowed their valid crawl ranges down to a manageable number now?
In a word: No.
Although I knew the one given above was a Yandex range, I'd never added it to my Ignore list, which currently contains :: shuffling papers :: 3 (three) /16 ranges 8 (eight) /18 ranges 3 (three) smaller ranges (/19 and /22)
And that's not counting 130.193.32.0/19 which includes Yandex Translate
:: further business with raw logs ::
For 2018 only: one from 5.45.207 lots from 5.255.250 (about 1/4 the total) [ faker from 37.72 ] lots from 77.88.6 some from 84.201.133 a few from 87.250.224 lots from 93.158.161 some from 100.43.81, 85 one from 178.154.171 vast numbers (1/2-2/3 the total) from 141.8.143-144, almost all from the exact IP 141.8.144.18. Last year at this time it was 141.8.143.141; I think 141.8 has been their favorite neighborhood for quite a while.
keyplyr
6:26 am on Feb 26, 2018 (gmt 0)
I thought the IP ambiguity was limited to growing pains. I had expected more specific ranges after they got established in Palo Alto, but nope.
IMO having an explicit crawl range is required equipment for a major SE. How else are webmasters supposed to account?
lucy24
9:23 pm on Feb 26, 2018 (gmt 0)
Did you notice that I found a faker up above? It came through as a 403--not because I cross-check UA and IP, as one would with Google, but because it sent entirely different headers than the real Yandex.
I've long been intrigued by Yandex's combination of {vast array of IP ranges} with {clear preference for a specific IP down to the last digit}.
keyplyr
9:51 pm on Feb 26, 2018 (gmt 0)
[ faker from 37.72 ]
Reoccurring or just once?
lucy24
1:16 am on Feb 27, 2018 (gmt 0)
Just once. I don't see any part of 37.72 very often; it seems to be a mix of servers and ISPs in assorted countries. Going back over the past year, I find the occasional robot including wp-login attempts, something claiming to be from uptime-eu.net, one human image request. Shrug.
Admittedly it's unusual for a robot to swing by claiming to be Yandex and only request one interior page.
:: insert boilerplate about what goes on in the mind of a robot ::
