Fresh from the TekTalk site comes the news why you should stick the deny statement on the attributor.com website attacks.
Attributor acts like a super sleuth for the rich and famous along with those who hold vast copyrights. At least enough to pay their fees. For the fees they charge their clients they claim to rob billions of websites of billions of gigabytes in bandwidth to check and see if they have a word, picture or insight that might be claimed by the client.
Like Tektalk, we found the attributor.com IP hacking our site and in less than 10 minutes had sucked over 25gig in data. Watching the logs these hacks at Attributor suck your site over and over looking at every link to everything over and over again. We know of one video script site that has a search to youtube that got hit for 60 gig and they only had links to Youtube videos. The Attributor spider went nuts and his account was closed.
Now attributor may seem nice but they are taking money from people to rape your bandwidth without cause. Not only that, as a law unto themselves, they do this with no authority, without your permission and without recompense for their rape. Perhaps you think rape is a bit to harsh? If the freaks at Attributor would use a spider and abide by robots.txt they might not do the damage they do. But since they want to see what browsers see they must come into your site like humans, faking you. Robots do not look at videos and graphics and Attributor wants to see everything.
While a tax or fine should be put on Attributor for their brutal assaults on websites we think that you should be aware how to get them out.
Since they do not abide by robots.txt you must deny them in the .htaccess. This can only work if we are all vigilant to changes they will make in this IP due to exposure. We will be watching all our log files to let you know any more we find. Please do the same. Put this line at the top of your .htaccess file at root level
#attributor
deny from 64.41.145.177
How?
Just keep checking your log files for the IP's that download huge amounts of pages and data with the least amount of visits. Look at your logs and see any spikes in activity for a day or two. Get the IP numbers of these offenders and let us know. We can even check and help identify who is hitting you so hard. We all want to know really.
We found this info at Tek Talk
Tuesday, February 17, 2009
Thursday, February 12, 2009
More On Moronic Moroccan Hackers
Some people have asked for some details on the recent spate of Moroccan hackers, so here we go.
The recent spate of hackers come from these IP's in Rabat, Morroco:
196.206.67.140
196.206.69.15
196.217.66.232
196.217.93.129
196.206.105.146
196.206.64.0
196.206.127.255
and one of their buddies
196.206.73.8 in Meknes
These all come from iam.net.ma who are part of dynadot.com
spam contact email
elasri@menara.maoumlil@iam.net.ma
info@dynadot.com
These people host a site that these hackers belong to at arabic-m.com. The site is a childrens sandbox and the only problem is the children getting the autohack tools are not just trying to leave a deface message but destroy data. There are no creative minds at work but still Beware! They are malicious without reason.
These are not anything near "good hackers" they are idiots and do not just deface, they delete all data on a hard drive in a destructive visit.
The recent spate of hackers come from these IP's in Rabat, Morroco:
196.206.67.140
196.206.69.15
196.217.66.232
196.217.93.129
196.206.105.146
196.206.64.0
196.206.127.255
and one of their buddies
196.206.73.8 in Meknes
These all come from iam.net.ma who are part of dynadot.com
spam contact email
elasri@menara.maoumlil@iam.net.ma
info@dynadot.com
These people host a site that these hackers belong to at arabic-m.com. The site is a childrens sandbox and the only problem is the children getting the autohack tools are not just trying to leave a deface message but destroy data. There are no creative minds at work but still Beware! They are malicious without reason.
These are not anything near "good hackers" they are idiots and do not just deface, they delete all data on a hard drive in a destructive visit.
Labels:
Bandwidth,
Criminals,
Hackers,
Morocco,
Online Terror
Hackers Beware! Deny Them Access
Recently a server I work on was hit by a bunch of chump kids from a couple of Internet cafes in Morocco. Foisting their shilliness on some sites and deleting most of the others. I caught them in the early part of their mayhem and cut their tools off, but the damage was done.
How to keep them off?
At first we found them operating in a couple of cafes in Morocco and barred the IP ranges for their host. Then the clients all asked if they could get the whole country and sure enough we found this masterpiece. "Block a Country!" What a great idea! The site gets hack attacks but it is
http://www.blockacountry.com/
It seems to keep up to date and you can ban whomever you want. Just pick them if they pick you!
We had another client who was being pounded by China all searching for foot fetish porn. He had a search script as a feature to his site to find any video on Youtube. Unfortunately YouTube command for keeping adult material off the site did not work and it became known quickly as a way to bypass YouTube filters set for countries. Oh man, this poor guy was hit! So much traffic and all very useless. They are not there for his real content, or to contribute or to click on an advert, they just want to suck the porn. So, we found this tool worked fine to zero them out.
Now, here is a bit of a gift, the top part of one of our clients .htaccess. Each entry is for something special we will cover in the next article. Your project is to see if you can figure out who they are and if they are sucking your bandwidth?
#attributor
deny from 64.41.145.177
#soso search
deny from 124.115.0.0/24
#Lightspeed
deny from 69.84.207.39
# Dutch gamers
deny from 84.244.189.99
#Bastards at Go daddy
deny from 68.178.211.195
deny from 72.167.232.0/24 BEWARE THESE GUYS ARE DOING STUFF NOW!
#turkey dicks
deny from 212.156.63.30
#Moroc Hackers
deny from 41.205.192.0/19
deny from 41.248.0.0/14
deny from 62.251.128.0/17
deny from 81.192.0.0/16
deny from 194.204.192.0/19
deny from 194.204.224.0/19
deny from 196.2.80.0/20
deny from 196.12.192.0/18
deny from 196.200.128.0/18
deny from 196.206.0.0/16
deny from 196.217.0.0/16
deny from 212.217.0.0/17
deny from 194.6.224.0/24
You can capture your victims with your .htaccess, add more countries with this fabulous tool, and a 403.shtml will send them somewhere fun.
Good luck out there! Get back to us with any tips on bandwidth hogs or hack attacks!
How to keep them off?
At first we found them operating in a couple of cafes in Morocco and barred the IP ranges for their host. Then the clients all asked if they could get the whole country and sure enough we found this masterpiece. "Block a Country!" What a great idea! The site gets hack attacks but it is
http://www.blockacountry.com/
It seems to keep up to date and you can ban whomever you want. Just pick them if they pick you!
We had another client who was being pounded by China all searching for foot fetish porn. He had a search script as a feature to his site to find any video on Youtube. Unfortunately YouTube command for keeping adult material off the site did not work and it became known quickly as a way to bypass YouTube filters set for countries. Oh man, this poor guy was hit! So much traffic and all very useless. They are not there for his real content, or to contribute or to click on an advert, they just want to suck the porn. So, we found this tool worked fine to zero them out.
Now, here is a bit of a gift, the top part of one of our clients .htaccess. Each entry is for something special we will cover in the next article. Your project is to see if you can figure out who they are and if they are sucking your bandwidth?
#attributor
deny from 64.41.145.177
#soso search
deny from 124.115.0.0/24
#Lightspeed
deny from 69.84.207.39
# Dutch gamers
deny from 84.244.189.99
#Bastards at Go daddy
deny from 68.178.211.195
deny from 72.167.232.0/24 BEWARE THESE GUYS ARE DOING STUFF NOW!
#turkey dicks
deny from 212.156.63.30
#Moroc Hackers
deny from 41.205.192.0/19
deny from 41.248.0.0/14
deny from 62.251.128.0/17
deny from 81.192.0.0/16
deny from 194.204.192.0/19
deny from 194.204.224.0/19
deny from 196.2.80.0/20
deny from 196.12.192.0/18
deny from 196.200.128.0/18
deny from 196.206.0.0/16
deny from 196.217.0.0/16
deny from 212.217.0.0/17
deny from 194.6.224.0/24
You can capture your victims with your .htaccess, add more countries with this fabulous tool, and a 403.shtml will send them somewhere fun.
Good luck out there! Get back to us with any tips on bandwidth hogs or hack attacks!
Friday, May 9, 2008
Cuill Joins The Hog Spotting Limelight
Cuill will steal all your bandwidth its regular robot attacks!
Cuill, pronounced “cool” came to our attention in the last month as it pounded our sites with a single thrust of robots. Grabbing 350 Meg in a few minutes it brought down a site owning a mere 127 pages using a circular and redundant search process. It came on one Drupal site with the archive module active and brought up a page for every day this century and last no matter content or not. If a date is on a calendar it is searched. How many centuries will it go before it turns off?
If it were not for Hog Spotter I would not have figured it out even though the IP numbers were among the highest users Cuill uses a series of IP numbers so that you don’t see one big block coming at you.
The Cuill site is rather sparse with a bragging piece on their 25 million dollar venture capital infusion and a vague reference to important people hired from the real search engines. No names of course but a real home feel to it. Their site claims they are pioneering a new approach to search and that may well be but Hog Spotter wants to put them by the wayside for their rather rude spider.
Cuill sends out their robot spiders all at once and dig through all your links multiple times and it seems from all directions. Similar to the notorious Munax monsters. However Cuill seems to have some kind of spider that rams through your site at high speed. This may be good or this may be bad depending on where you stand.
This is a good thing as the spiders only ram your site for a couple minutes or so. It is a bad thing because even small sites of 120 pages with graphics taking up 1 meg disk space can find the Cuill search engine glomming a huge half gig in bandwidth to get it all before it leaves. In the case of one of our sites the Cuill spider visit meant we were over using system resources and a cutoff in service occurred. Cuill has no form on their site for web owners to recoup the money for the bandwidth or any damage they cause for their abusive programs. So my sparse users and legitimate search engine traffic was cut off from the site for four hours as we restored it.
I said it was a good thing the Cuill spiders only ram your site for a couple minutes? Well that good time wears out fast as the spider returns several times each month. If you can afford to make such gregarious and generous donations to a Silicon Valley startup, as they rip off every site they can find, you can enjoy the hits, as they too will come on as users as well as robots. Fake hits of course, as no person is there, just their spider. When the content is gathered they wont bother you anymore. No, just show your content with some great advertising to keep them in their own loop.
This is just another I wanna catch up with Google, Yahoo and Microsoft at the expense of website owners.
I am not sure where it was written that if you want to get into the search engine game you could ignore rules and propriety and just skuzzy your content in whatever way you can without regard to anyone or thing. But the day of the stealth theft of your content and bandwidth has ended with the rise of the Hog Spotter!
We have not only put a disallow in the robots.txt but have put a deny in the .htaccess to make sure they do not return disguised as browsers
For robots.txt the format to deny them is to place this at the top.
User-agent: twiceler
Disallow:/
Never trust a Hog. To insure their exclusion use .htaccess file. Their claimed IP addresses and code to deny in .htaccess:
#Cuill
deny from 208.36.144.10
deny from 208.36.144.6
deny from 208.36.144.7
deny from 208.36.144.8
deny from 208.36.144.9
deny from 38.99.13.121
deny from 38.99.13.122
deny from 38.99.13.123
deny from 38.99.13.124
deny from 38.99.13.125
deny from 38.99.13.126
deny from 38.99.44.10
deny from 38.99.44.101
deny from 38.99.44.102
deny from 38.99.44.103
deny from 38.99.44.104
deny from 64.1.215.162
deny from 64.1.215.163
deny from 64.1.215.164
deny from 64.1.215.165
deny from 64.1.215.166
For complete protection we suggest blocking their servers at the .htaccess level. As usual check our deny.txt at Tek Talk for regular updates and find out what we use in our websites. Please let us know your experiences and we can add new IPs and search hogs to the lists.
Randy Penn
Cuill, pronounced “cool” came to our attention in the last month as it pounded our sites with a single thrust of robots. Grabbing 350 Meg in a few minutes it brought down a site owning a mere 127 pages using a circular and redundant search process. It came on one Drupal site with the archive module active and brought up a page for every day this century and last no matter content or not. If a date is on a calendar it is searched. How many centuries will it go before it turns off?
If it were not for Hog Spotter I would not have figured it out even though the IP numbers were among the highest users Cuill uses a series of IP numbers so that you don’t see one big block coming at you.
The Cuill site is rather sparse with a bragging piece on their 25 million dollar venture capital infusion and a vague reference to important people hired from the real search engines. No names of course but a real home feel to it. Their site claims they are pioneering a new approach to search and that may well be but Hog Spotter wants to put them by the wayside for their rather rude spider.
Cuill sends out their robot spiders all at once and dig through all your links multiple times and it seems from all directions. Similar to the notorious Munax monsters. However Cuill seems to have some kind of spider that rams through your site at high speed. This may be good or this may be bad depending on where you stand.
This is a good thing as the spiders only ram your site for a couple minutes or so. It is a bad thing because even small sites of 120 pages with graphics taking up 1 meg disk space can find the Cuill search engine glomming a huge half gig in bandwidth to get it all before it leaves. In the case of one of our sites the Cuill spider visit meant we were over using system resources and a cutoff in service occurred. Cuill has no form on their site for web owners to recoup the money for the bandwidth or any damage they cause for their abusive programs. So my sparse users and legitimate search engine traffic was cut off from the site for four hours as we restored it.
I said it was a good thing the Cuill spiders only ram your site for a couple minutes? Well that good time wears out fast as the spider returns several times each month. If you can afford to make such gregarious and generous donations to a Silicon Valley startup, as they rip off every site they can find, you can enjoy the hits, as they too will come on as users as well as robots. Fake hits of course, as no person is there, just their spider. When the content is gathered they wont bother you anymore. No, just show your content with some great advertising to keep them in their own loop.
This is just another I wanna catch up with Google, Yahoo and Microsoft at the expense of website owners.
I am not sure where it was written that if you want to get into the search engine game you could ignore rules and propriety and just skuzzy your content in whatever way you can without regard to anyone or thing. But the day of the stealth theft of your content and bandwidth has ended with the rise of the Hog Spotter!
We have not only put a disallow in the robots.txt but have put a deny in the .htaccess to make sure they do not return disguised as browsers
For robots.txt the format to deny them is to place this at the top.
User-agent: twiceler
Disallow:/
Never trust a Hog. To insure their exclusion use .htaccess file. Their claimed IP addresses and code to deny in .htaccess:
#Cuill
deny from 208.36.144.10
deny from 208.36.144.6
deny from 208.36.144.7
deny from 208.36.144.8
deny from 208.36.144.9
deny from 38.99.13.121
deny from 38.99.13.122
deny from 38.99.13.123
deny from 38.99.13.124
deny from 38.99.13.125
deny from 38.99.13.126
deny from 38.99.44.10
deny from 38.99.44.101
deny from 38.99.44.102
deny from 38.99.44.103
deny from 38.99.44.104
deny from 64.1.215.162
deny from 64.1.215.163
deny from 64.1.215.164
deny from 64.1.215.165
deny from 64.1.215.166
For complete protection we suggest blocking their servers at the .htaccess level. As usual check our deny.txt at Tek Talk for regular updates and find out what we use in our websites. Please let us know your experiences and we can add new IPs and search hogs to the lists.
Randy Penn
Labels:
bandwidth hogs,
Cuill,
hog spotting,
robots,
search engines,
spiders,
technology
Tuesday, May 6, 2008
Beware the Eyes of MUNAX LLC
Look at your sites log files and you will surely find a lot of hits from a strange user. Check your logs for a user, that is right, a user with the IP numbers from 82.99.30.2 - 82.99.30.73 and you will find this user probably took several thousand gig of bandwidth trying to suck your site in. They disguise their robots as a web browser from a normal human being to get past the robots.txt and any exclusions you may put in there.
This is the evil MUNAX search engine. Lowlifes slip onto your site in disguise of a browser but hit your site with spiders. Hundreds at a time. You think your site is very popular but the page views do not grow. Why? Cause it is a robot trying to avoid your robot.txt exclusions.
A lot of sites are talking about it now and Hog Spotting is now dedicated to finding and reporting the bandwidth hogs - specially the dirty bastards like Munax!
Read about it at Tek Talk the best news in gadgets, widgets and tek news and you can download the deny.txt from there. The deny.txt is our complete list of spammers, jammers and places where spam comes from. It has every network known so far in Russia, China, South Korea, and India. Unless you have some reason to have legitimate traffic from these networks you will find them scraping, scaming and slaming your site frequently without being denied entrance. Updated all the time so check back often as you find your bandwidth eaten.
With your help we may be able to keep them at bay so give us a tip if you see something while out Hog Spotting!
This is the evil MUNAX search engine. Lowlifes slip onto your site in disguise of a browser but hit your site with spiders. Hundreds at a time. You think your site is very popular but the page views do not grow. Why? Cause it is a robot trying to avoid your robot.txt exclusions.
A lot of sites are talking about it now and Hog Spotting is now dedicated to finding and reporting the bandwidth hogs - specially the dirty bastards like Munax!
Read about it at Tek Talk the best news in gadgets, widgets and tek news and you can download the deny.txt from there. The deny.txt is our complete list of spammers, jammers and places where spam comes from. It has every network known so far in Russia, China, South Korea, and India. Unless you have some reason to have legitimate traffic from these networks you will find them scraping, scaming and slaming your site frequently without being denied entrance. Updated all the time so check back often as you find your bandwidth eaten.
With your help we may be able to keep them at bay so give us a tip if you see something while out Hog Spotting!
Labels:
Bandwidth,
MUNAX,
search engines,
SEO,
technology
Subscribe to:
Posts (Atom)