Blog Archives

Ban Web Server Traffic

Web Server Traffic Should be Banned

Opinions will differ about putting a ban on web server traffic. There are those who want their blogs and websites free from malicious activity, safe and secure for genuine valuable visitors. Then there are those who think there should be no restrictions on web traffic and activity (some even think spam is not bad).

Let’s clarify the web traffic we’re talking about. We’re not talking about banning referrer traffic, i.e. traffic from good backlinks on other websites that results in genuine visitors.


Panopta.com Pest Bot

Checks.Panopta.com – nuisance bot

Panopta.com calls itself “Uptime Management Software for Hosting Providers, SaaS Providers, IT Managers, and Website Owners”. Well, there’s nothing wrong with the idea. If your website is critical to your business it’s not a bad thing to get alerted if or when your site is offline.

But Did You Subscribe to Panopta.com?

The Panopta.com monitoring service allows other people to monitor your website! That’s right, you don’t have to sign up for their service for your domain to be monitored. This means a business competitor can monitor your website status without your permission!


Bing Banned

Bing and MSN Bots Are Banned

I have banned Bing, Yahoo and MSN search engine spiders from my sites! I’m tired of the constant rule breaking and over-crawling by Bing and MSN search bots.

Bing is a Rule Breaker

Microsoft claims Bing honours robots.txt rules. In my experience that is a blatant lie. Bingbot / msnbot simply ignore robots.txt rules and crawl whatever they want. Some of the specific rules broken include:

  • crawling system folders
  • crawling image folders (msn-media bot). Image folders and extensions jpg, png, gif, bmp are disallowed
  • crawling RSS feeds. All RSS feeds are disallowed: rss.xml, /feed/, etc.
  • crawling comment forms; DOMAIN/comment/184 – the path /comment/ is disallowed in robots.txt

The last straw was today. Two days ago I added Bing and MSN user agent strings to disallowed bots in robots.txt across all my sites; this morning I see these bots read robots.txt, then ignored it totally and crawled the sites anyway.

Have You Seen Bad Activity by Bing?


Roubaix Ovh Systems

Roubaix Ovh Systems – Most Dangerous Host?


Is Roubaix Ovh Systems, a hosting and Internet Service Provider in France, one of the most dangerous ISPs and hosts in the world? We could be justified in thinking so, at least among ISPs and hosting companies in the Western economic zone, outside of former Soviet Union states.

When you see a spambot active on your site, a hacking attempt, or a trackback spammer, there’s a pretty good chance it’s coming from an IP registered to Roubaix Ovh Systems, or another Ovh Systems IP.

Roubaix Ovh Systems Banned on Sight

We (Graphicline Web & Technology) have seen so much bad activity from IPs traced back to Roubaix Ovh Systems we now ban all their IPs as soon as I find them. Activity from all other OVH Systems networks is watched carefully.


Botnet Attacks WordPress Website

Apparent Botnet Attacked My WordPress Website

What appeared to be a botnet attacked one of my sites (tech.graphicline.co.za) this morning in a brute-force wp-login attempt from multiple IP addresses. This was the most coordinated attack against any of my sites I’ve experienced. Usually the hacker bots I see use up to 6 IPs in these attacks – 146 IPs is serious stuff…

146 IPs Used in Simultaneous Attack

The IPs listed below are the guilty parties to this brute-force login attack on the site. The main attack started at 05h09 GMT this morning (November 25, 2012) and continued until 05h15 GMT. A second but less intense attack followed, starting from 05h16 GMT and tailing off until ending at 05h43 GMT.


Is MWEB a Spammers’ Haven?

MWEB IPs used by Spammers and Hackers


Checking an IP record for 41.133.8.155 after noticing a minor offence this morning – the ubiquitous and quite stupid practice of adding “/undefined” to the end of actual URLs – brought up a list of IPs in the neighbourhood. All the IPs included below belong to MWEB (whois.domaintools.com IP lookup records).

MWEB, a South African Internet Service Provider, has previously had IPs under their control listed in several databases as a source of spam e-mails. According to Project Honeypot, a range of IPs managed by MWEB is (or was) used by spammers and dictionary attackers.


2753 Spam Comments in Two Weeks

The Heavily Spammed Article

Three spambots tried to leave 2753 spam comments on a single article in two weeks. I’m pleased to say none were successful – all blocked by Drupal CAPTCHA. The article receiving this unwanted attention is about the use of website backlinks, “Backlinks for Results”. I would take an educated guess at the subject matter of these spammers’ efforts – Black Hat SEO services!

That adds to the tally of around fifty other spam comments blocked most days of the week… I for one am very thankful for CAPTCHA challenges. These annoying, much hated image and text field challenges save a lot of time, and time is money…

Spambots are an evil of the net today; there’s no getting away from them. The better a site performs in Google SERP, and the more visitors a site gets, the more spammers, both bots and human, will try to leave backlinks in rubbish comments, hoping for that elusive “followed” backlink or just the traffic from readers’ clicks.


Markmonitor dotcom | Watchdog or What?

What is Markmonitor.com?

Markmonitor.com is a company providing brand protection to (mainly) global brands.

Markmonitor monitors the Internet (supposedly) looking for brand-piracy, domain name hijacking and counterfeiting (of branded goods) among its range of client services. The company must use search spiders to trawl websites looking for this information.

They also have another side of business, as a domain registrar, and a number of large corporations including Apple.com have their domains under their ambit.


Website Hacking Attack

Hacking Attempt from IP 86.96.226.87/8

An unsuccessful attempt to hack my website graphicline.co.za was made Friday 21 October 2011 shortly before 15h00 SAST (13h00 GMT).


The attempt was first identified by repeated 404 ‘page not found’ and 403 ‘access forbidden’ messages resulting from the hacker using URLs while trying to get access to the server and website setup files, and to log in to unauthorised and prohibited areas of the website and server. The server is set to send notifications to me of 404, 403 and similar errors.

The attack originated from a business on the corner of Jumeirah Road and Sheikh Rashid Road, Jumeirah, Dubai, United Arab Emirates. The business is located in a warehouse or freight depot. This was identified from the IP addresses used during the attack – IP 86.96.226.87 and 86.96.226.88. It appears two hackers were working simultaneously.

I should thank these ill intended persons for testing the security of the website and server. Each incident is an opportunity to examine security, to improve the strength of the server environment.
