Saturday, May 27, 2006

ServePath to being banned

Found a bunch of random stuff coming from a hosting company called ServePath today while running historical analysis on a batch of IPs.

Now these are the visible crawlers that came from ServePath:

64.151.75.252 PEAR HTTP_Request class ( http://pear.php.net/ )
64.151.64.212 "Jakarta Commons-HttpClient/3.0"
64.151.65.12 "Jakarta Commons-HttpClient/3.0"
64.151.111.116 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
64.151.112.44 NutchCVS/0.7.1 (Nutch; http://lucene.apache.org/nutch/bot.html; nutch-agent@lucene.apache.org)

Here's the whole range:

OrgName: ServePath, LLC
NetRange: 64.151.64.0 - 64.151.127.255
CIDR: 64.151.64.0/18

I'm going to block the whole thing and see if there are any stealth crawlers operating out of that location that haven't tripped any alarms yet and see what happens.

3 comments:

Keith said...

Seems to be another ServePath net range out there.
Had one come by my blog from IP 69.59.180.18.
Info on this IP is:
NetRange: 69.59.128.0 - 69.59.191.255
CIDR: 69.59.128.0/18
NetName: SERVEPATH-BLK2
NetHandle: NET-69-59-128-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS.SERVEPATH.COM
NameServer: NS1.SERVEPATH.COM

It pulled nothing but the favicon.ico and checked access to / and that's it.
Probably a drive-by for access.

IncrediBILL said...

Thanks Keith!

I think I found some other stuff too as they seem to have a few blocks and decided just to block EVERYTHING with their reverse DNS prefix of "customer-reverse-entry." and see what happened.

I've caught a few strays with that but am probably missing things that actually reverse resolve to actual domain names.

Anonymous said...

Small world. Was just G'ing the IP and here ye be! Good move re the reverse, Bill -- that's all I've seen:

customer-reverse-entry.64.151.65.12 - - [29/May/...] "Jakarta Commons-HttpClient/3.0"
customer-reverse-entry.64.151.65.12 - - [14/Jun/...] "Jakarta Commons-HttpClient/3.0"
customer-reverse-entry.64.151.65.12 - - [16/Jun/...] "Jakarta Commons-HttpClient/3.0"
customer-reverse-entry.64.151.100.156 - - [17/Jun/...] HEAD "online link validator (http://www.dead-links.com/)"
customer-reverse-entry.64.151.65.12 - - [17/Jun/...] "Jakarta Commons-HttpClient/3.0"

She Who Doesn't Cuss, Dammit
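
The two blocking rules discussed in the post and comments (the CIDR ranges and the "customer-reverse-entry." reverse DNS prefix) can be checked against an access log in one pass. This is an added example, not code from the post or its commenters; the function names are hypothetical and the sample log lines are constructed.

```python
import ipaddress

# Ranges quoted on this page (the post and Keith's comment).
BLOCKED_NETS = [ipaddress.ip_network(c) for c in ("64.151.64.0/18", "69.59.128.0/18")]
# Reverse-DNS prefix quoted in IncrediBILL's comment.
RDNS_PREFIX = "customer-reverse-entry."


def covering_net(text):
    """Return the blocked network containing `text`, or None (also None if not an IP)."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    return next((net for net in BLOCKED_NETS if ip in net), None)


def classify_host(host):
    """Classify the first access-log field: an IP or a reverse-resolved hostname."""
    host = host.strip().lower().rstrip(".")
    net = covering_net(host)
    if net is not None:
        return True, f"cidr {net}"
    if host.startswith(RDNS_PREFIX):
        # The name embeds the address, so it can reveal a range not listed yet.
        net = covering_net(host[len(RDNS_PREFIX):])
        return True, (f"rdns prefix, cidr {net}" if net else "rdns prefix, range not listed")
    return False, "no rule matched"


def scan(lines):
    """Map each distinct host field in the log lines to (blocked, reason)."""
    results = {}
    for line in lines:
        fields = line.split()
        if fields:
            results.setdefault(fields[0], classify_host(fields[0]))
    return results


# Constructed sample lines (documentation addresses mixed with IPs from the page).
SAMPLE_LOG = [
    'customer-reverse-entry.64.151.65.12 - - [01/Jan/2006:00:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '69.59.180.18 - - [01/Jan/2006:00:00:02 +0000] "GET /favicon.ico HTTP/1.1" 200 318',
    'customer-reverse-entry.192.0.2.7 - - [01/Jan/2006:00:00:03 +0000] "GET / HTTP/1.1" 200 512',
    'crawler.example.test - - [01/Jan/2006:00:00:04 +0000] "GET / HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for host, (blocked, reason) in scan(SAMPLE_LOG).items():
        print(f"{'BLOCK' if blocked else 'allow'}  {host}  ({reason})")
```

A host reported as "rdns prefix, range not listed" points at a netblock worth looking up in whois, while a hostname without the prefix is only caught if the log records the IP instead of the resolved name.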