Web Server Traffic Should be Banned
Opinions will differ about putting a ban on web server traffic. There are those who want their blogs and websites free from malicious activity, safe and secure for genuine valuable visitors. Then there are those who think there should be no restrictions on web traffic and activity (some even think spam is not bad).
Let’s clarify the web traffic we’re talking about. We’re not talking of banning referer traffic i.e. traffic from good back-links from websites resulting in genuine visitors.
Checks.Panopta.com – nuisance bot
Panopta.com calls itself “Uptime Management Software for Hosting Providers, SaaS Providers, IT Managers, and Website Owners”. Well, there’s nothing wrong with the idea. If your website is critical to your business it’s not a bad thing to get alerted if or when your site is offline.
But Did You Subscribe to Panopta.com?
Panopta.com monitoring service allows other people to monitor your website! That’s right, you don’t have to sign up for their service for your domain to be monitored. This means a business competitor can monitor your website status without your permission!
Bing and MSN Bots Are Banned
I have banned Bing, Yahoo and MSN search engine spiders from my sites! I’m tired of the constant rule breaking and over-crawling by Bing and MSN search bots.
Bing is a Rule Breaker
Microsoft claims Bing honours robots.txt rules. In my experience that is a blatant lie. Bingbot / msnbot simply ignore robots.txt rules and crawl whatever they want. Some of the specific rules broken include;
- crawling system folders
- crawling image folders (msn-media bot). Image folders and extensions jpg, png,gif, bmp are disallowed
- crawling RSS feeds. All RSS feeds are disallowed; rss.xml, /feed/, etc
- crawling comment forms; DOMAIN/comment/184 – the path /comment/ is disallowed in robots.txt
The last straw was today. 2 days ago I added Bing and MSN user agent strings to disallowed bots in robots.txt across all my sites; this morning I see these bots read robot.txt then ignored it totally, and crawled the sites anyway.
Roubaix Ovh Systems – Most Dangerous Host?
Is Roubaix Ovh Systems, a hosting and Internet Service Provider in France, one of the most dangerous ISPs and hosts in the world? We could be justified in thinking so. At least out of ISPs and hosting companies in the Western economic zone, outside of former Soviet Union states.
When you see a spambot active on your site, a hacking attempt, or a trackback spammer, there’s a pretty good chance it’s coming from an IP registered to Roubaix Ovh Systems, or another Ovh Systems IP.
Roubaix Ovh Systems Banned on Sight
We (Graphicline Web & Technology) have seen so much bad activity from IPs traced back to Roubaix Ovh Systems we now ban all their IPs as soon as I find them. Activity from all other OVH Systems networks are watched carefully
Apparent Botnet Attacked My WordPress Website
What appeared to be a botnet attacked one of my sites (tech.graphicline.co.za) this morning in a brute-force wp-login attempt from multiple IP addresses. This was the most coordinated attack against any of my sites I’ve experienced. Usually the hacker bots I see use up to 6 IP’s in these attacks – 146 IPs is serious stuff…
146 IP’s Used in Simultaneous Attack
The IP’s listed below are the guilty parties to this brute-force login attack on the site. The main attack started at 05h09 GMT this morning (November 25, 2012) and continued until 05h15 GMT. A second but less intense attacked followed; starting from 05h16 GMT tailing off until ending at 05h43 GMT
MWEB IPs used by Spammers and Hackers
Checking an IP record for 188.8.131.52 after noticing a minor offence this morning – the ubiquitous and quite stupid practice of adding “/undefined” to the end of actual URLs – brought up a list of IPs in the neighbourhood. All the IP’s included below belong to MWEB. (whois.domaintools.com IP lookup records.)
MWEB, a South African Internet Service Provider, has previously had IP’s under their control listed in several databases as a source of spam e-mails. According to Project Honeypot a range of IP’s managed by MWEB is (or was) used by Spammers and Dictionary Attackers.
What is Markmonitor.com?
Markmonitor.com is a company providing brand protection to (mainly) global brands.
Markmonitor monitors the Internet (supposedly) looking for brand-piracy, domain name hijacking and counterfeiting (of branded goods) among it’s range of client services. The company must use search spiders to trawl websites looking for this information.
They also have another side of business, as a domain registrar, and a number of large corporations including Apple.com have their domains under their ambit.
Hacking Attempt from IP 184.108.40.206/8
An unsuccessful attempt to hack my website graphicline.co.za was made Friday 21 October 2011 shortly before 15h00 SAST (13h00 GMT).
The attempt was first identified by repeated 404 ‘page not found’ and 403 ‘access forbidden’ messages resulting from the hacker using URLS while trying to get access to the server and website setup files, and to log-in to unauthorised and prohibited areas of the website and server. The server is set to send notifications to me of 404, 403 and similar errors.
The attack originated from a business on the corner of Jumeirah Road and Sheikh Rashid Road, Juneirah, Dubai, United Arab Emirates. The business is located in a warehouse or freight depot. Identified from the IP addresses used during the attack – IP 220.127.116.11 and 18.104.22.168. It appears two hackers were working simultaneously.
I should thank these ill intended persons for testing the security of the website and server. Each incident is an opportunity to examine security, to improve the strength of the server environment.