Today I noticed another hit from this same server farm in Germany with something pretending to be a Windows browser:
62.75.218.82 [elbe016.server4you.de.] requested 16 pages as "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x4.90)"So I checked my archives and sure enough it's been here a time or two before attempting to get inside and there was some hit's from other assocated IP's in their range.
Who hosts this mess appears to be intergenia.de:
netnum: 62.75.128.0 - 62.75.255.255Which also owns plusserver.de, server4you.de, server4you.com, netfabrik.de, and some end user services who's IP's may be a part of intergenia.de's range, no clue.
org: ORG-iGCK1-RIPE
netname: DE-INTERGENIA-20010727
descr: intergenia AG
The plusserver.de, server4you.de and netfabrik.de both appear to use this range:
inetnum: 217.172.167.0 - 217.172.169.255The server4you.com seems to have this block:
netname: PLUSSERVER-1
descr: PlusServer - Dedicated Premium Serverhosting
descr: http://www.plusserver.de
OrgName: Server4You Inc.Which means the crawler that started this search still can't be pinned down to a specific hosting block for server4you other than the reverse DNS claims it's server4you.de. I poked around doing a few nslookups in that range and they return either return static-ip-62-75-*-*.inaddr.intergenia.de or someserver.server4you.de so I'm a little hesitant just to block the whole intergenia.de range.
NetRange: 69.64.32.0 - 69.64.63.255
Comment: http://www.server4you.com
So it looks like I'll block the obvious hosting ranges by IP and server4you.de by reverse DNS for now.
1 comment:
What you see isn't exactly a mess. It all runs under the intergenia umbrella, however with different established brands:
http://www.intergenia.de/m_uebersicht.html
They don't offer any dialup/broadband services to end users, but hosting or backbone connectivity, so you can safely block these ranges without accidentally locking out legitimate German visitors ;-)
HTH,
Olliver
Post a Comment