Tag: ban IP

XFone 018.net.il: Research and Banning

My site has been getting content and image scraped by bb-81-107.018.net.il and bb-153-46.018.net.il, but these two host names do not resolve. Furthermore there is very little on the internet on them. My next step is to ban their complete IP range.

Observation:
cust-68.196.102.5.018.net.il 5.102.196.68
CUST-89.242.102.5.018.net.il 5.102.242.89 2017-jan-23
cust-186.224.102.5.018.net.il 5.102.224.186
cust-140.227.102.5.018.net.il 5.102.227.140
cust-151.241.102.5.018.net.il 5.102.241.151
cust-132.255.102.5.018.net.il 5.102.255.132
bb-81-107.018.net.il 94.230.81.107
bb-84-30.018.net.il 94.230.84.30
bb-132-134.018.net.il 188.120.132.134
bb-134-60.018.net.il 188.120.134.60
BB-151-179.018.net.il 188.120.151.179 2017-jan-18
bb-153-46.018.net.il 188.120.153.46
BB-154-107.018.net.il 188.120.154.107 2016-oct-08
141.226.151.47 2016-oct-14

Pattern:
If there are 4 octets in the host name, then reverse the octets. If there are only 2 octets then these are the last 2 of the IP. You will need to use the host command and try the first 2 octets of their common ranges.

This is a preview of XFone 018.net.il: Research and Banning. Read the full post (145 words, 0 images, estimated 35 secs reading time)

454a986e.cst.lightpath.net: Research, Ban

454a986e.cst.lightpath.net is a content scraper bot that has been visiting my site, so I would like to remove the welcome mat.

lightpath.net seems to change their front extent many times, as a search on Google did not yield an exact match, but many variants.

Pattern:
Take the numbers before “.cst.lightpath.net” and convert them from hex to decimal, giving you 4 octets.

lightpath.net resolves to 216.2.192.141, Optimum Online or Cablevision Systems, XO Communications (ISP), but they have no website. cablevisionlightpath.org also resolves to the same ip address.

454a986e.cst.lightpath.net Their hex converts to 69.74.152.110, Cablevision Systems.

Permanent link to this post (95 words, 0 images, estimated 23 secs reading time)

Host Names I have Researched, Flummoxed

intra.cea.fr content scraped me, so I researched them.

is005045.intra.cea.fr 10.0.5.45
archie6420.intra.cea.fr 32.166.1.28

napsaci011.intra.cea.fr 132.166.177.50
napsaci012.intra.cea.fr 132.166.177.51
is151991.intra.cea.fr 132.166.118.1

kalahari.intra.cea.fr 132.167.4.137
aster.intra.cea.fr 132.167.197.147

gre018941.intra.cea.fr 132.168.11.11
gre019465.intra.cea.fr 132.168.11.112
gre045998.intra.cea.fr 132.168.11.183
grecfnimon01.intra.cea.fr 132.168.16.105
gre058496-24.intra.cea.fr 132.168.24.180
gre047417.intra.cea.fr 132.168.28.194
gre033069.intra.cea.fr 132.168.30.141
moises.intra.cea.fr 132.168.37.241
gre022491.intra.cea.fr 132.168.65.0
gre035045-160.intra.cea.fr 132.168.160.31

altairnew.intra.cea.fr 132.169.8.1
717rccair5235b.intra.cea.fr 132.169.13.1
aurel.intra.cea.fr 132.169.33.1
celaeno.intra.cea.fr 132.169.11.129

0x667.crypt.gy came back with a host lookup of 94.23.147.30, OVH. I cannot verify this IP address. Research is inconclusive. This guy uses a Microsoft server error code “1639 (0x667). Invalid command line argument” in his hostname.
server.crypt.gy 188.165.211.48

This is a preview of Host Names I have Researched, Flummoxed. Read the full post (433 words, 0 images, estimated 1:44 mins reading time)

Reducing your Bandwidth for WordPress and Drupal

Busy I have been recently, with not much time for my blog, but it was all for a good cause. My internet service provider (ISP) informed me that I was taking up too much CPU time on their shared service and banned me. I am a good guy and generally follow the rules, so getting banned is out of character. After a frantic email they restored my account so that I could figure out what happened. I truly am a “less is more” type of guy, and that includes IT resources, and my online sites are pretty consistent, so a propensity of new content was not the issue. Eventually I took some steps to rein in the numerous bots that were scraping and doing whatever to my site, wasting my CPU usage on my tab, and eventually getting me banned. If your site is suffering the same fate, you may glean some hints and tips for reducing your CPU usage.

This is a preview of Reducing your Bandwidth for WordPress and Drupal. Read the full post (1545 words, 0 images, estimated 6:11 mins reading time)