ilpuntoantico has to do with former point, Italian openwork needlepoint. Hosted by GoogleUserContent.com, I have tried to contact Google network-abuse@google.com for help to stop this referrer spammer (2016-Sept-29) but they have not replied. I have also contacted GoogleUserContent.com (abusecomplaints@markmonitor.com 2016-oct-19) for help in banning this hotlinking of images. This group of sites burns up a lot of bandwidth every day.
Conclusion: Filed a DMCA equest to Google. Awaiting their response.
tanyadokterkeluarga.blogspot is a persistent referrer spammer. They use a huge amount of Ip addresses that do not repeat the third octet. It has similar strategies to kosmetik-freaks.blogspot, in fact sharing identical IP ranges. They are sister referrer spammers. Both are not banned by the HTTP_REFERER in htaccess. If you kill one you kill the other, a nice double prize. As with the sister, this spammer runs out of Indonesia.
These are the referrers:
tanyadokterkeluarga.blogspot.ca
tanyadokterkeluarga.blogspot.co.id
tanyadokterkeluarga.blogspot.com
tanyadokterkeluarga.blogspot.in
tanyadokterkeluarga.blogspot.my
tanyadokterkeluarga.blogspot.sg
There are some scrapers and there are others that are ridiculous. I just got scraped hard by 209.133.216.182, 209-133-216-182.static.hvvc.us, with 105 server entries and 7 unique user agent names. Excessive, to say the least.
Here are the UA’s used:
Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+
Mozilla/5.0 (compatible; heritrix/3.3.0-SNAPSHOT-20160721-2308 +http://www.exif-search.com)
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
Opera/12.02 (Android 4.1; Linux; Opera Mobi/ADR-1111101157; U; en-US) Presto/2.9.201 Version/12.02
UniversalFeedParser/3.3 +http://feedparser.org/
Windows-Media-Player/11.0.5721.5145
This kosmetik-freaks.blogspot is a referrer spammer that has been harassing me for quite a long time. I have tried to ban them with an HTTP_REFERER ban but this does not work. My ISP, Site5, will not help me. They are predominantly out of Indonesia. They are pret103.47.135.43
103.47.135.50
103.47.135.7
103.47.135.72
too sophisticated to evade my detection for so long.
The sister referrer spammer is tanyadokterkeluarga.blogspot, which uses the identical method and largely shares the same IP ranges. When you kill one you kill the other. Almost all these UAs are mobile devices, leading me to believe these are mobile customers that have downloaded the same spam app.
kwpublisher.com is a long-time referrer spammer that I would like to remove. I have tried to ban them with an HTTP_REFERER ban but this does not work. My ISP, Site5, will not help me. This guy seems to have a similar method to kosmetik-freaks.blogspot. They seem to be out of Pakistan mostly, but have gone to Indonesia and China. I am now tracking them closely.
Conclusion: Tracked down the code hotlinking to my site. Complained to their domain names provider. Them they disappeared. Goodbye.
39.42.52.98 x 4 39.32.0.0 – 39.63.255.255 Pakistan Tel
Apache, the server and not the Indian tribe, is a fickle mistress. She is more than a little unpredictable, or at least it feels this way on Site5. While I realize that Apache is a web server, a computer who should be very logical, often times I notice very odd behaviour. Maybe it is the server setup, caching, or even traffic volume, I do not know. I do know that if you have some error in your htaccess file, the Apache server will then display a combination of ip addresses and host names. Once you fix the error, which no one can point out and there is no error message to go by, you will be back to only ip addresses.
Does your raw access log display a host name of “0”, or zero? Very odd, is it not? I have been struggling with this for a couple of months, and my ISP Site5 had no answers. It turns out that one of my spammers, NFORCE_ENTERTAINMENT, puts an unprintable character into their host table, so that when my ISP looks them up, they display the unprintable character in my log as “0”.
Trying to control your site’s spam can be challenging. If you try to ban an IP that is simply 0, or a host name of “0” you will fail, because there is no zero in their host name, but an unprintable character. Ban these guys instead.
The march of time stops for no one, rich or poor, for whomever. While humans may be able to mitigate their demise with a bit of compassion, there is none for old phones. Android phones grow old, older than 2 years old, slow down, and then get pitched into the back drawer, replaced by a new Android model, never to be turned on again.
After a long while your htaccess might get a tad long. My favourite htaccess checker only processes files up to 5,000 lines. Often this is due to lots of comments, which I encourage. Let us cover some ways you can shorten your htaccess:
Combine your user agents/referrers
If you have multiple user agent or referrers that have similar names, combine them into a single statement,
from:
RewriteCond %{HTTP_USER_AGENT} ^.*Blackboard\ Safeassign [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*BlackWidow [OR]
to:
RewriteCond %{HTTP_USER_AGENT} ^.*Black(board\ Safeassign|Widow) [OR]
no-ptr.as20860.net is a dual Ip spammer with a twist. The originating IP hostname lookup returns three IPs! You’ll need to ban all three, but there’s a lot more. They use IOMart, GB as their ISP.
It seems like this hostname also morphs to numerous IP addresses, making them difficult to track down.
Method:
no-ptr.as20860.net not only uses the dual ip spammer strategy, but also changes its host name through many ip addresses, making it double difficult to ban.
