Void's Forums

Void Main's Beautiful Site
http://voidmain.is-a-geek.net/forums/

Does anyone know anything about this Site/IP address?

http://voidmain.is-a-geek.net/forums/viewtopic.php?f=9&t=98

Page 1 of 2

Does anyone know anything about this Site/IP address?

PostPosted: Wed Feb 05, 2003 2:31 pm
by Void Main
Does anyone know anything about the address 203.194.168.171? The site http://www.shaolinmicro.com/ appears to be associated with it. I just blocked their IP address as this is the second time they have run a web suck on these forums. I have no problem with this if it is legit but it appears to be some sort of robot. If you know anything about this please let me know and I will unblock the address. Thanks.

PostPosted: Wed Feb 05, 2003 3:00 pm
by ThePreacher
What exactly is a web suck?

PostPosted: Wed Feb 05, 2003 3:04 pm
by Void Main
I just meant a program like "websuck" or a "wget -r" that goes through your entire site and pulls everything it can from every link it can. This is not good to run on a forum for several reasons. At worst the program will go into a rucursion of links eating up bandwidth and CPU on the server which is what this thing seemed to have been doing. And it wasn't doing it through just one connection but seemed to spawn several connections in order to maximize it's suckness.

It happened about a week ago and I killed it. It ran for over an hour today before I finally blocked it. Here is the user agent string which I would assume is not the real agent:

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020

PostPosted: Wed Feb 05, 2003 4:44 pm
by Panos
It could be a spider or web-crawler. It could also be a spambot. In either case, that IP address points to that site which is strange. If I were you I'd block it as well.

PostPosted: Wed Feb 05, 2003 4:48 pm
by Void Main
If it's a crawler it's not a very good one. Google is nice and stays out of that stuff.

PostPosted: Wed Feb 05, 2003 4:56 pm
by Linux Frank
Well I dont know if this helps. It appears to be assigned to an ISP based in Hong Kong.

the APNIC whois gives this

inetnum: 203.194.168.170 - 203.194.168.185
netname: CLEVERMOTIONTECH-HK
country: HK
descr: CLEVER MOTION TECHNOLOGY LTD
admin-c: KK135-AP
tech-c: DI16-AP
changed: hostmaster@iadvantage.net.hk 20020904
mnt-by: MAINT-HK-IS
source: APNIC
status: UNSPECIFIED

person: KAN KAM YUEN ALAN
nic-hdl: KK135-AP
e-mail: alankan@cmindhk.com
address: ROOM 3A, 3/F., MOW SHING CENTRE,
address: 118 BEDFORD ROAD,
address: TAI KOK TSUI
phone: +852-27870778
fax-no: +852-27870778
country: HK
changed: hostmaster@iadvantage.net.hk 20020904
mnt-by: MAINT-HK-IS
source: APNIC

person: DNS IADVANTAGE
address: MEGATOP,
address: Mega-iAdvantage,
address: 399 Chai Wan Road,
address: Chai Wan, Hong Kong
country: HK
phone: +852-22088333
fax-no: +852-22672237
e-mail: dns@iadvantage.net
nic-hdl: DI16-AP
mnt-by: MAINT-HK-IS
changed: hostmaster@iadvantage.net 20010807
source: APNIC


Does this help? Sorry I can't find anything else, but if I can I'll let you know.

If you don't want this info on your site feel free to remove it without fear of offense :) [/code]

PostPosted: Wed Feb 05, 2003 5:03 pm
by Void Main
Yeah, I had already looked at that information. I just assumed it was an unfriendly bot of some sort. But if it was really someone interested in pulling my stuff because they found it useful I wanted to give them a chance to be unblocked, and of course to be informed that the way they were pulling it was causing me problems.

PostPosted: Wed Feb 05, 2003 5:17 pm
by Panos
Void Main wrote:If it's a crawler it's not a very good one. Google is nice and stays out of that stuff.


Yes i agree. The symptoms you prescribed though resemble those of a spambot scan. I wouldn't unblock it if i were you void, but then again you know that already. :wink:

PostPosted: Wed Feb 05, 2003 6:20 pm
by Void Main
If it is a spambot does anyone know any DoS kiddies looking for a target? :)

PostPosted: Thu Feb 06, 2003 6:18 am
by Calum
a small linux forum isn't really a target (but then, a society providing free software (like slackware.com) isn't either).

that site sucks. (haw haw! i kill me!)

PostPosted: Thu Feb 06, 2003 7:05 am
by Void Main
No, I wanted to know if anyone knew any DoS kiddies looking for a target that could blast that spambot machine. It will save everyone from getting one more SPAM in their email.

PostPosted: Thu Feb 06, 2003 12:22 pm
by Panos
I wish I knew some 'cause I really hate spammers! But then again who doesn't? :evil:

PostPosted: Thu Feb 06, 2003 6:05 pm
by Void Main
Here is today's "bot o' the day":

IP: 64.140.49.66, 67, 68, 69
Interesting information: http://www.turnitin.com/robot/crawlerinfo.html

IP has been blocked, I saw it trying to go through private messages. If you are responsible for this bot then send me a note. I do not appreciate this.

Sample Log entry:

64.140.49.67 - - [06/Feb/2003:00:13:57 -0600] "GET /robots.txt HTTP/1.0" 404 1081
"-" "TurnitinBot/1.5 (http://www.turnitin.com/robot/crawlerinfo.html)"


Guess I need to start working on my robots.txt file, for those that are nice enough to look for one.

PostPosted: Thu Feb 06, 2003 6:21 pm
by Panos
Void Main wrote:IP has been blocked, I saw it trying to go through private messages. If you are responsible for this bot then send me a note. I do not appreciate this.


Who exactly are you refering to void main? I hope that it's not me! :shock:

PostPosted: Thu Feb 06, 2003 7:29 pm
by Void Main
Panos wrote:Who exactly are you refering to void main? I hope that it's not me! :shock:


Heh heh, if I was referring to you, you never would have been able to post that message, and wouldn't be able to read this one. But if you are in charge of http://www.turnitin.com/ then yes, I would be referring to you. But I am pretty sure that is not the case. :)
All times are UTC - 6 hours
Page 1 of 2
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/