Symantec from **.broadband.digiweb.ie

Forum Moderators: open

Message Too Old, No Replies

Symantec from **.broadband.digiweb.ie

The range belongs to Symantec Corporation

blend27

6:31 pm on Jan 22, 2019 (gmt 0)

So from this range 89.234.68.64.64 thru 89.234.68.127 I got 200+ requests since Feb 01, 2016. All requests use FF Firefox/3.6.8 on Win XP.

Funny part all requests are pointing to a root of the domain and 20% of the requests have a none WWW as a referrer.

Here is the Kicker - there rest, give or take a few for WWW as a referrer have a valid path of image(s) on this site but not on a home page :).

Example of that:

Request: to root
Ref: image from some other page on the site.

What Gives?

lucy24

7:53 pm on Jan 22, 2019 (gmt 0)

What gives indeed. Is it possible the botrunner got two lines of their script mixed up, and it was supposed to be requests for your images, giving your own root as referer (thereby bypassing any hotlink protection you might have)?

:: quick run to archived headers ::

Huh. Nope, never seen that pattern, though I do get some image requests with autoreferer. Interestingly, most of them also have this line:
0: Referer: http://example.com
which may have contributed to them getting blocked. (I know they were blocked because I don't log headers on image requests as such.)

Surely you don't get bona fide human requests from Firefox 3? I try to bend over backward for humans with old computers, but I do block <= 27.

ClosedForLunch

9:34 pm on Jan 22, 2019 (gmt 0)

Surely you don't get bona fide human requests from Firefox 3? I try to bend over backward for humans with old computers, but I do block <= 27.

Yes. Old versions of FF go straight in the dumpster. I'm currently blocking < 40. Listen to those bots squeal.

dstiles

4:30 pm on Jan 23, 2019 (gmt 0)

Don't know how relevant this is, but the range 89.234.68.64 - 89.234.68.127 belongs to Symantec Ireland. The range is part of Digiweb's.

dstiles

10:28 am on Jan 25, 2019 (gmt 0)

Sorry, didn't read the Subject. :(

SumGuy

3:11 pm on Jan 28, 2019 (gmt 0)

I seen hits from Symantec (Ireland) and I don't block them (regardless what the User-Agent is - and besides my IIS4 server can't block based on UA in the first place). The way I see it, if some institutions / corporations are somehow hooked into Symantec (and other) corporate security web-surfing products as part of their network infrastructure, I sure do not want my site to be blocked when users at those institutions / corporations try to browse my site.

lucy24

10:09 pm on Jan 28, 2019 (gmt 0)

I sure do not want my site to be blocked when users at those institutions / corporations try to browse my site

Heh. Back when I relied heavily on IP-based blocking, I routinely blocked any proxy I happened to learn about. Turns out, one of those blocked proxies was used by all County offices--which happened to be the primary audience for one small site. So, yeah, get as much information as you can. I think keyplyr used to have* a bit of boilerplate about how identifying and blocking are entirely different things and you all have to make your own decisions based on your own circumstances.

* Urk. That makes it sound as if he has died, when in fact he is just temporarily detained in what some venues are pleased to call �Real Life�.