Munax
I noticed something interesting today when looking at my stats for my humour blog. I’m not certain if it is someone scraping my site, a potential spam bot, an indexing bot or something else entirely. There were 26 hits spread over 42 minutes coming from 82.99.30.0/26 (that’s a 64 IP subnet in Sweden). Each hit was from a separate IP in that subnet. No two hits were from the same IP.
Information related to ‘82.99.30.0 - 82.99.30.127′
inetnum: 82.99.30.0 - 82.99.30.127
netname:
descr: Munax AB
country: SE
admin-c: JG3201-RIPE
tech-c: JG3201-RIPE
status: ASSIGNED PA “status:” definitions
mnt-by: IP-ONLY-MNT
source: RIPE # Filtered
a traceroute to one of the IPs ends at
22 218 ms 320 ms 218 ms SESTO0001-RD2.ip-only.net [82.99.32.98]
before it hits a firewall
IP-only.net is an infrastructure backbone provider in Sweden
As there was no referrer listed in the stats I’ve ruled out someone posting a link to these jokes (and each hit was to a different page.)
AHA! - after spending the last 30 minutes or so researching this I found http://incredibill.blogspot.com/2007/11/munax-stealth-crawler.html, a very useful source of information on bots and Munax appears to be a very arrogant crawler out of Sweden - arrogant as in it ignores your . Well screw you - your entire IP range is now blocked at my server’s firewall.
I’m getting really sick of all the out there sucking up and bandwidth.
Related posts
« Global Internet Security Threat Report Volume XIII
At last! »
Comments
Comment from Doug Alder
Time: 5/9/2008, 11:44 am
Thanks Randy -no problem at all ll be incorporating that list into iptables first chance I get 
- btw - if you’re not already using Bad Behavior - I recommend it.
Comment from Randy Penn
Time: 5/9/2008, 10:30 am
A lot of us got pissed about this and if you see the datelines this offender has been years at this.
We actually used 82.99.30.0/25 as the deny block. Do you have hits from more than their claimed blocks? We are building a file called deny.txt that will have as up to date as we can find offenders and bandwidth hogs. I am just finishing an article on cuill.com which pounds your site when they come in as you subsidize a new silicon valley startup.
So we put up the Hog Spotting blog. I am probably going to link to you and use your example as another one bit by Munass. Contact me if that is a problem.
I hope the list helps. It has most of the China, Korea and India bandwidth hogs also and many spam addresses we find along the way. All hogs to be spotted and teathered.
Best to you
Randy Penn