Found another distributed IP batch sitting in a hosting farm claiming to be "nicebot".
Nicebot my ass...
Here's the range of IP's spotted with user agent nicebot:
188.8.131.52 - nicebotNSLOOKUP claims they belong to ServerPronto.
184.108.40.206 - nicebot
220.127.116.11 - nicebot
18.104.22.168 - nicebot
22.214.171.124 - nicebot
126.96.36.199 - nicebot
188.8.131.52 - nicebot
184.108.40.206 - nicebot
220.127.116.11 - nicebot
nslookup 18.104.22.168So I think I'm going to just block this range from ServerPronto as it's a hosting farm:
22.214.171.124.in-addr.arpa name = 169-120-60-69.serverpronto.com.
Serverpronto INMM-69-60-114-0 (NET-69-60-114-0-1)Some of you might naively think that you can just block "nicebot" with rewrite rules and solve your problem. However, my research has shown that many of these bots eventually change names when they get blocked by too many sites. You're best off blocking the source permanently so they don't slip thru the cracks next week crawling as something like ""Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; BTOW V9.0; SV1)" which you can't detect.
126.96.36.199 - 188.8.131.52
Remember, they're desperate when you cut off their source of revenue and they'll attempt to adapt so use the best prevention up front which is lock them out by location and don't waste your time fighting changing user agent names.