Couple of new bots (DS Nine Discover / Alphabot)

Forum Moderators: open

Message Too Old, No Replies

Couple of new bots (DS Nine Discover / Alphabot)

SumGuy

11:32 pm on Mar 18, 2018 (gmt 0)

Maybe others have already seen these and documented them already, but they're new to me. First one - DS9 Discover. User Agent:

DS9 Discover/0.1 (The DS Nine Discover crawler; http//semanticlab.net/test; norman.suesstrunk@htwchur.ch)

Hit my robots file yesterday, then did head on default.html then grabbed it. Operating from 193.5.58.0/24. (HTW Chur). I note that something somewhat similar happened from 78.47.215.0/24 (Hetzner) on 18/01/23:

ds9 2.001.1(+http//www.deepsearchnine.com/ds9.html)

But it got 403 at the time. I'll be 403'ing 193.5.58.0/24 now too.

Another bot hit yesterday:

Mozilla/5.0 (compatible; AlphaBot/3.2; +http//alphaseobot.com/bot.html)

from 23.237.4.0/23 (FDCservers, Denver).

Look back through the logs show this one first hit Oct 19 last year, then kept hitting a few times a month since then. I already had it blocked (based on a larger CIDR IP block I guess). It was just hitting our IP on port 80, looking for what-ever might come back.

keyplyr

1:38 am on Mar 19, 2018 (gmt 0)

Thanks SumGuy

DS9 Discover seems to be a renamed Discoverbot from semanticlab.net & semanticscholar.org.
[webmasterworld.com...]

AlphaBot is a veteran
[webmasterworld.com...]
[webmasterworld.com...]

Use the site search (upper-right corner) to see if there is already documentation.

It's helpful if you create a new thread for each new UA using the following succinct template:
UA:
Protocol:
Robots.txt:
Host:

lucy24

6:53 am on Mar 19, 2018 (gmt 0)

I'll be 403'ing 193.5.58.0/24 now too.

Think carefully before blocking at the /24 level. Sometimes it's necessary, especially as a temporary fix, but most of the time that /24 is tucked away inside a /20 or /19 or--happy day!--a /16 or bigger.

Count on your fingers and you will see that 2^24 can lead to a very, very long Deny list ;)

SumGuy

1:32 pm on Mar 19, 2018 (gmt 0)

Oh, I know that /24 is relatively small, and when a bgp lookup tool shows me that the /24 is part of a larger range owned by the same entity I'll block the larger range. My blocking list probably has around 2k CIDR's, including maybe 1/2 dozen /8's. My site is run on NT4 server running IIS4, so it has no ability to block based on user agent so I have to focus on IP-based blocking.

wilderness

3:43 pm on Mar 19, 2018 (gmt 0)

SumGuy,
There's a longtime member of this forum that's been using IIS for nearly 20-years.
It's my recollection that he has a a complicated custom method for UA's.
There's very threads on the methods (may have some bookmarks saved some dang place).

Unable to recall his name.

dstiles

12:18 pm on Mar 20, 2018 (gmt 0)

It's Dave :) Hello.

keyplyr

6:28 pm on Mar 20, 2018 (gmt 0)

If this is headed for a IIs code discussion, please take it to the Microsoft IIS Web Server Forum [webmasterworld.com]

Thanks