10gbpsnl.greencloudvps.com hit my site looking for security weaknesses, so I thought it wise to research them and send them packing. They are a VPS, so I’ll never find the actual intruder.
They are spotty, so I will start small and work my way up.
108-36.hukot.net seems to be a Tor exit server. While I am all for the philosophy of net privacy, these Tor servers more often than not are used to content spam me. As a result I ban almost all of them. It is human nature, I suppose, to take something that should be beneficial and, using selfish and personal reasons, turn it to a tool of the bad.
Oh well, who am I to judge. This is my site, I ban content spammers, and I therefore also ban Tor content spammers, exit or not.
hukot.net seems to be an ISP from the Czech Republic.
host-64-166-83.ubernet.com.bd was testing my security, so I thought I would out them. ubernet.com.bd is an IP telephone and ISP, out of Bangledesh.
Pattern:
This guy seems to have an older and a newer pattern. The older pattern starts with 220.47 and then appends the last 2 octets of the host name. The newer pattern starts with 45 and appends the last 3 octets of the host name.
static.vnpt.vn does not resolve as a host name, and as they scraped me I will track them down. They are pretty tricky. One of their tactics is that they use the host name “localhost”, which looks odd in the access log. Tech staff cannot find the actual IP address.
As I work with these IP ranges it is clear that this content scraper is doing a real detriment to Viet Nam. The use of his IPs would force me to pretty much ban the whole country. As an emerging country this would be very bad for Viet Nam, all for the greed and selfishness of a single bot maker. I know that there are no morals with stealing content, as with thieves, but at this stage of Viet Nam’s development this bot maker could easily damage the country.
lyncdiscover.dps.gov.co has nothing to do with the Government of Columbia, and a good thing, because it is a content scraper bot.
dps.gov.co is the Departamento para la Prosperidad Social, part of the Columbian Government. I am unsure how a content scraper got hold of a Columbian Government extent, legally.
As this is a Government site I have contacted their tech contact, but they do not look too sophisticated. At least I have done my part to try to stop this abuse of the dps.gv.co host name.
Research:
186.170.31.134 186.170.0.0 /15 COLOMBIA TEL
186.170.31.134
186.170.31.134
pool.hdesknet.com.br is part of the fix-website-errors.com by Semalt SEO content scraper campaign, huge and very annoying. I wish they would just stop scraping my site. This botnet is huge and does not seem to want to end. It started with keywords-monitoring-success and free-video-tool.com, which then involved Virtua and megared.net.mx. The vast majority of these content scraper bots reside in Brazil and South America, but there are others from Italy and the US.
sl-reverse.com is a content spammer that is creeping into my site and I want it stopped. I’ll hunt them down and ban them. Sl-reverse also uses servers in Canada, Germany, Singapore, Japan and Italy, to name a few.
If they botnet my butt I will get more aggressive on them.
hn.kd.dhcp is spamming my site, so I need to remove it. This guy has been around for quote a while and has a long list of IPs, but not so long a list of IP ranges. This spammer runs out of Henan Province, China, but has used Jilin, Chongqing, Guangdong, and Shanghai
These may be related: hn.kd.ny.adsl; hn.ly.kd.adsl; hn.kd.dhcp
unassigned.calpop.com is a comment spammer, small yes, but still needs removal. They change this hostname’s IP a lot and move between different companies such as Calpop, CoreExpress, AirlineReservations.Com, and ATMLINK. They are out of Los Angeles. I am unsure if calpop.com is still in business, as Yelp postings suggest they are now closed. Their bot is still somehow finding electricity and connectivity to spam me, so the company and store die but the bot lives on…
