No one wants their last words to be "Oh my God! The old gypsy woman was right..."

April 28, 2008
Web Bots Permalink this Drivel Similar Drivel: Blogging, Business, Computer

It seems everyone and their dog has a web bot these days. They are a major source of bandwidth use (which could cost you money), but, worse, each time one scrapes your site it registers in your web stats as a visit. Identifying bots is not easy. Some stats programs, like Firestats, the one I use on my blogs, have a list of known bots and ignores any hits from them. This is a good thing but there are unscrupulous bot overlords out there who try and disguise their activity by faking their browser/OS identification packet headers and spreading their hits out several minutes apart. Here’s a good example of one such bot out of the Ukraine* - probably a SPAM bot as the former SSR states are the major source of SPAM bots (it’s not just SPAM bots that are being unethical - there’s one bot out of Sweden that pulls the same trick and when one site owner confronted the bot owner he claimed to be developing a Nordic search bot.)

  • 92.112.201.167 Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
  • 92.112.201.167 Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5
  • 92.112.201.167 Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv :1.7.5) Gecko/20050519 Netscape/8.0.1
  • 92.112.201.167 Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC) Opera 5.0 [en]
  • 92.112.201.167 Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1. 7.5) Gecko/20041220 K-Meleon/0.9
  • 92.112.201.167 Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Window s NT 5.1)

Note: those stats are not referrers, they are actual hits on the site from the same IP. 92.112.201.0/24 (that a Class C or 0-255 in the IP range) just hit my firewall deny rules :)

*inetnum: 92.112.109.0 - 92.113.255.255
netname: UKRTELNET
descr: Ukrtelecom IP access network
descr: NCC#
country: ua
remarks: E-mail for SPAM and abuse postmaster@ukrtel.net
admin-c: ARM42-RIPE
tech-c: ARM42-RIPE
status: ASSIGNED PA “status:” definitions
mnt-by: AS6849-MNT
source: RIPE # Filtered

person: Remiga Alexander
address: JSC UKRTELECOM
address: 18, Shevchenko blvd
address: Ukraine, Kiev
phone: +380 (44) 230-9024
nic-hdl: ARM42-RIPE
mnt-by: AS6849-MNT
source: RIPE # Filtered

Technorati Tags: , , , , ,

Posted by Doug Alder at 6:45 am

No comments yet.

Leave a Comment
Be nice or be gone. If you disagree with me or a commenter then attack the idea not the writer. If you can't be nice don't bother writing as I won't post it. If I don't know you and I suspect you may be a comment spammer you will be asked to confirm the comment via email. If you give me a false email address or do not respond to the verification email your comment will be deleted. Please do not feed the trolls

Line breaks automatic. For XHTML you can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


Comment previewed here: