Dec 23, 2006

praguomi/5.0 spam bot

praguomi/5.0 (http://somespam; u; http://same spam; http://spam; rv:1.7.12) gecko/20050915 firefox/
80.227.0.153

This bot tries to plant spam links in your user-agent stats.

Dec 18, 2006

mozilla/5.0 (000000000; User agent all Zeros

mozilla/5.0 (000000000; 0; 000 000 00 0; 00) 0000000000000000000 0000000 0000 000000 000000000000
84.176.234.188 p54B0EABC.dip.t-dialin.net


Anyone else seen this?

Is this some strange bot, or is someone's proxy changing all the letters to zeros?
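For anyone who wants to flag these hits automatically, here is a minimal Python sketch. It assumes the pattern seen in the log line above: the first token is left alone and everything after it is only zeros, spaces, and punctuation. The function name `looks_zero_masked` is made up for this example.

```python
import re

# Characters that survive the masking in the logged example: zeros,
# whitespace, and punctuation commonly found in user-agent strings.
_MASKED_REST = re.compile(r"[0\s;:(),.+/_-]+")


def looks_zero_masked(user_agent):
    """Return True if everything after the first token is zeros and punctuation."""
    # Split off the leading product token (e.g. "mozilla/5.0").
    _, _, rest = user_agent.strip().partition(" ")
    # Require at least one zero so an empty remainder is not flagged.
    return "0" in rest and _MASKED_REST.fullmatch(rest) is not None
```

This only tells you the string is masked. It cannot tell you whether a bot or a proxy did the masking.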

plano.mcafee.com Is this a bot?

mozilla/4.0 (compatible; msie 7.0; windows nt 5.2; .net clr 1.1.4322; .net clr 2.0.50727)
All Hits From plano.mcafee.com 205.227.137.1


So is this a bot? If so, what is it doing?




[IPv4 whois information for 205.227.137.1 ]
[whois.arin.net]
OrgName: Level 3 Communications, Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US

depspid/5.07; +http://about.depspid.net) abuse

mozilla/4.0 (compatible; depspid/5.07; +http://about.depspid.net)
70.109.76.129 pool-70-109-76-129.hag.east.verizon.net

This bot doesn't take no for an answer. It hammers pages over and over when it gets an error.

The website is another startup. The only hits we have seen are from hag.east.verizon.net.

Both this IP and the bot have been banned.

Dec 17, 2006

Do you have a robots problem?

The scale of the robots problem largely depends on the type of website as well as the type of content it offers. The following pointers are consistent with robot activity.

· Large numbers of requests from a single IP address or a range of IP addresses within the same subnet (i.e. the first three numbers of the IP address are identical).

· Large numbers of requests for database driven content compared to the rest of the website.

· Many requests made from browsers that do not support ASP Sessions.

· Large and increasing numbers of website visitors, but no corresponding increase in transactions (e.g. sales!).

· Large numbers of spam or automated requests being generated from online forms.
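The first pointer (many requests from one subnet) is easy to check against a log. Below is a rough Python sketch, assuming you have already pulled the client IPs out of your access log into a list. The function names and the threshold of 100 are placeholders for illustration, not values from the article.

```python
from collections import Counter
import ipaddress


def requests_per_subnet(ips, prefix=24):
    """Count requests per IPv4 subnet.

    The default /24 prefix groups addresses whose first three
    numbers are identical.
    """
    counts = Counter()
    for ip in ips:
        # strict=False lets us pass a host address and get its network back.
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        counts[str(net)] += 1
    return counts


def suspicious_subnets(ips, threshold=100, prefix=24):
    """Return subnets with at least `threshold` requests (threshold is a guess)."""
    counts = requests_per_subnet(ips, prefix)
    return sorted(net for net, n in counts.items() if n >= threshold)
```

A busy subnet is only a hint. A large ISP proxy can look the same as a bot, so check the user agents before banning anything.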

See full story here.

Windows Live caught ignoring robots.txt

I have banned robots from indexing cgi-bin files for almost a year, yet Windows Live is still showing links to my banner rotation software, complete with a cache.

This is a direct violation of the robots.txt standard.


Also, as in the last post, the formatting of the Windows Live search results is confusing users. Only the title is hot linked and the URL is not, which makes it very inviting to click on the cache link.

Dec 15, 2006

Windows Live Cache abuse confusion

I am starting to see new users trying to surf sites through the Windows Live cache instead of the website links.

What happens is that they try to submit orders and use the site through the cache, and it gets detected as trackback spam because of the unusual referrer.

When I tried to warn these users to come to my website to use it, I discovered that they cannot tell my website from the Windows Live cache because of the poor formatting of the Windows Live screens and links. They have no idea what they are doing or what the problem is.

I never had this problem with Google, most likely because its cache link is a smaller-font link above the website link. The only solution I can see is to not allow MSN to cache.

META NAME="msnbot" CONTENT="nocache"

It ignores the private cache command.
META HTTP-EQUIV="CACHE-CONTROL" CONTENT="PRIVATE"

Dec 10, 2006

EBAY Bot what is it doing?

mozilla/5.0 (windows; u; windows nt 5.0; en-us; rv:1.8.0.7) gecko/20060909 firefox/1.5.0.7
216.113.181.67


I have been watching this bot. It hits 3 of my incoming pages every few days and gets an error, but it keeps trying every few days.

Perhaps this thing is scraping our sites to see what content we have and then using those keywords for Google advertising.

Or perhaps it's looking for people saying bad things about eBay and PayPal, like
paypalwarning.com
paypalsucks.com
ebaysucks.com/

yoono.com new bot

mozilla/5.0 (compatible; yoono; http://www.yoono.com/)
193.110.140.148

This site has a bookmark sharing service, and it's not clear what this bot is doing.
It might be attempting to verify the links.

Anyway, it's a new bot that hit here this week.

Dec 8, 2006

Nedstat goes nuts. Sets cookie FRQSTR on your domain.

A lot of us have used Nedstat since the 90s. I just started seeing cookies on my domain that my software was not setting, and discovered that Nedstat got bought out and is inserting popups on some websites.

The site has found some way to set the following cookies on your domain.

FRQSTR=
WIDYMD=
KIDYMD=
It's not clear if they can read back a cookie from your domain. I don't think they can; it may just be a bug. I don't know, but if you have any Nedstat code on your sites you need to remove it, because something strange is going on.

Here is how to add a link on your site to display all the cookies your site has set.

Display this site's cookies

You create this by making a link to:
javascript:alert(document.cookie);

voilabot abuse

mozilla/4.0 (compatible; msie 5.0; windows 95) voilabot beta 1.2 (http://www.voila.com/)
81.52.143.15 natcrawlbloc01.net.m1.fti.net

This bot has been in my ban list and robots.txt reject list for some time, but it won't go away. It ignores robots.txt, and it ignores the errors it gets when it tries to load pages.

Adding it to the deny ip list.

deny from 81.52.143.15
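If you keep your banned IPs in a plain list, a few lines of Python can turn them into deny lines like the one above. This is only a sketch: the helper name `deny_lines` is made up, and it assumes you paste the output into your own .htaccess or server config by hand.

```python
import ipaddress


def deny_lines(addresses):
    """Build one 'deny from <ip>' line per unique, valid IP address."""
    lines = []
    seen = set()
    for addr in addresses:
        # ip_address() raises ValueError on anything that is not a valid IP,
        # so a typo never ends up in the config.
        ip = str(ipaddress.ip_address(addr.strip()))
        if ip not in seen:
            seen.add(ip)
            lines.append(f"deny from {ip}")
    return lines


if __name__ == "__main__":
    for line in deny_lines(["81.52.143.15", "70.109.76.129"]):
        print(line)
```

Duplicates are dropped and the original order is kept, so the list can be regenerated from the ban log without piling up repeats.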

Dec 5, 2006

outboundrequest.com abuse

POE-Component-Client-HTTP/0.65 (perl; N; POE; en; rv:0.650000)
64.239.7.216 ns2.outboundrequest.com
POE-Component-Client-HTTP/0.65 (perl; N; POE; en; rv:0.650000)
64.65.13.36 garnet.il.outboundrequest.com


This is a known bad user agent, and outboundrequest.com is a real domain with no website. Updated: the bots changed IPs.

OrgName: Interland, Inc.
OrgID: INTD
Address: 101 Marietta Street
City: Atlanta
StateProv: GA
PostalCode: 30039
Country: US


Added to domain ban

outboundrequest.com,Abusive bots

stage1.answers.com bot

mozilla/4.0 (compatible; msie 5.5; windows nt 5.0)
64.34.176.218 stage1.answers.com


This must be a bot from answers.com; however, it's using a fake user agent.

Since Answers has nothing on its site about running a bot, it's blocked.

twiceler Experimental bot

twiceler www.cuill.com/twiceler/robot.html
64.62.136.205


Hurricane Electric
OrgID: HURC
Address: 760 Mission Court
City: Fremont
StateProv: CA
PostalCode: 94539
Country: US

This bot just cannot take no for an answer. It keeps trying to scan my site.

Says it will respond to
User-agent: cuill
Disallow: /

in robots.txt, so I am going to try that.
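Before waiting for the bot to come back, you can check what a standards-following parser makes of those two lines. Here is a small sketch using Python's standard `urllib.robotparser`. The wrapper name `allowed` and the test path are made up, and this shows how Python reads the rule, not how twiceler itself behaves.

```python
from urllib.robotparser import RobotFileParser

# The two robots.txt lines quoted above.
RULES = [
    "User-agent: cuill",
    "Disallow: /",
]

parser = RobotFileParser()
parser.parse(RULES)


def allowed(agent, path):
    """Return True if `agent` may fetch `path` under RULES."""
    return parser.can_fetch(agent, path)


if __name__ == "__main__":
    print(allowed("cuill", "/any/page.html"))
    print(allowed("someotherbot", "/any/page.html"))
```

With only these two lines in the file, an agent named cuill is shut out of the whole site and agents that do not match are unaffected.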

mozilla/0.6 beta (windows) is a bot

mozilla/0.6 beta (windows)
66.36.229.205

This user agent has been verified as a bot.

It was originally Netscape from before it supported tables, and no one would be using that browser anymore.

Dec 3, 2006

crlptp01 = Colgate University fake domain name

mozilla/5.0 (macintosh; u; ppc mac os x; en) applewebkit/418.9.1 (khtml- like gecko) safari/419.3
crlptp01 149.43.116.39

Colgate University
OrgID: COLGAT-2
Address: 13 Oak Drive
City: Hamilton
StateProv: NY
PostalCode: 13346
Country: US

Why would Colgate University have a fake domain connected to one of its IPs?

nslookup 149.43.116.39
Canonical name: crlptp01
Aliases: dfbnt351
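The same check can be scripted. The sketch below uses Python's `socket.gethostbyaddr` for the reverse lookup and flags names with no dot in them, like crlptp01. The function name `has_qualified_ptr` is invented for this example, and treating a dotless name as suspicious is my own rule of thumb, not a standard.

```python
import socket


def has_qualified_ptr(ip, reverse_lookup=socket.gethostbyaddr):
    """Return True if the reverse DNS name for `ip` looks fully qualified.

    `reverse_lookup` can be swapped out so the check can be tried
    without touching the network.
    """
    try:
        hostname, _aliases, _addresses = reverse_lookup(ip)
    except (socket.herror, socket.gaierror):
        # No reverse record at all.
        return False
    # A bare host name such as "crlptp01" has no domain part.
    return "." in hostname.rstrip(".")
```

Calling `has_qualified_ptr("149.43.116.39")` does a live lookup, so the answer depends on what the DNS returns on the day you run it.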

Dec 1, 2006

Block list updated 11-30-06

Block list has been updated.
Click on update link

OK, to use this you need M&M Autoban installed. The docs are in the zip file.

Or you can use the data in your own scripts.