tag:blogger.com,1999:blog-192483752008-07-25T07:14:46.690-07:00IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comBlogger679125tag:blogger.com,1999:blog-19248375.post-38878621123608667182008-07-24T11:06:00.000-07:002008-07-24T11:49:53.732-07:00

I tried to support Sphinn's efforts by putting the SphinnIt button on my site to help raise awareness of what they were trying to do with something unique for the SEO community. Unfortunately, Sphinn devolved into a bunch of Sphamm and when one of their members pointed out how widespread the problem was they banned Edward. OK, Edward (pageoneresults) can push the envelope a little but it wasn't

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-57550965617464218402008-07-06T16:55:00.000-07:002008-07-10T16:48:58.507-07:00

Over a year ago I wrote about a bunch of iPowerWeb's shared servers being hacked, and it looked like they were trying to clean it up, but now it's time for round two of hacking. The latest batch of hacked sites may have a DNS hack as well, I'm not sure that's the case but Alex seems to think it is. All these sites have the following Whois Name Server entries: Name Server: NS1.IPOWERDNS.COM

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-27867195559415706552008-06-17T12:16:00.000-07:002008-06-17T15:07:06.671-07:00

For those of you that might've missed the whole AVG 8 LinkScanner disaster and ensuing AVG reputation nightmare, here's a quick recap and links to places to read all the details. Webmasters started noticing a rash of distributed IP's with the same user agent, no referrer, and a few other technical issues I won't go into now, that suddenly started pounding their sites: Mozilla/4.0 (compatible;

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-83835799934304656612008-05-22T02:00:00.001-07:002008-05-22T02:16:06.237-07:00

Looks like yet another corporate compliance spybot is hitting our servers, not like we need yet another spybot. There's only one IP out of this entire range that consistently hits my servers. OrgName: Corporation Service Company OrgID: CORPO-9-Z NetRange: 165.160.0.0 - 165.160.255.255 They claim to crawl the web: Our proprietary technology scans and digests web

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-58604763540394877232008-05-12T15:24:00.000-07:002008-05-13T11:32:19.916-07:00

How often do we see that happy line of horse shit spread by every new startup that crawls the web about how minimal it's impact will be? Every fucking one of them claim it but when you add them all together the bot traffic is quickly exceeding the human traffic. Who the fuck am I kidding, on most sites the bots clearly out number the humans in pages read on a daily basis. First we put the big

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-38100410983427011342008-05-12T11:46:00.000-07:002008-05-12T12:36:01.664-07:00

There's three basic methods being used at the moment to protect web surfers from potential dangers which are static (stale), active and passive. Static Web Protection Various companies use the static method which relies on crawling the web in advance to find vulnerabilities and then attempt to warn visitors about these problems as they are about to visit a web site. McAfee's SiteAdvisor and

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-5601887322649670242008-04-27T13:42:00.000-07:002008-04-27T13:55:00.539-07:00

Can you believe that someone is actually surfing the web using some free browser called Off By One that doesn't appear to have been updated in the last 2 years? The user agent is as follows: "Mozilla/6.0(compatible;OffByOne;Windows 2000)" The irregular formatting convention triggered the bot trap with the lack of spaces alone. Then it claims to be Mozilla 6.0 when it's probably Mozilla 3.0 at

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-20917527453813372092008-04-20T15:32:00.000-07:002008-04-20T15:42:38.685-07:00

For years I've been deleting all those emails asking me to exchange links and I won't swap links with any of that crap. Suddenly I've had an epiphany and YES!, now I'll swap links with you, no problem! I'm only agreeing to swap links as requested. I'm not using NOFOLLOW on those links as requested. You can see my links when you visit, online and visible as agreed. Unfortunately my link

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-82307148214080419192008-04-20T14:24:00.000-07:002008-04-20T14:56:26.197-07:00

I found this user agent coming out of Microsoft's Area 131 requesting that people "contact kaushik for these experiments" that kept hitting one of my servers. 131.107.0.96 "contact kaushik for these experiments" So I did a little data mining of my own and searched Microsoft and couldn't decide if this experiment was from Kaushik #1 or Kaushik #2. Both Kaushik's appear to be working for the Data

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-14382989131287938612008-04-20T14:11:00.000-07:002008-04-20T14:16:57.599-07:00

Ran into a user agent from DNSRight today that claimed to be some link check tool that doesn't appear on their site. 66.240.236.220 "GET / " "http://www.dnsright.com/" "DNSRight.com WebBot Link Ckeck Tool. Report abuse to: dnsr@dnsright.com" So I ran some of their other tools that don't identify themselves at all. 66.240.236.220 "GET / HTTP/1.1" "-" "-"They host this mess at cari.net so just

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-20865046726889859612008-04-17T15:59:00.000-07:002008-04-17T16:40:24.987-07:00

There must be good money spying on everyone because it seems a new company springs up almost weekly trying to claim their stake in this new gold rush. How many fucking spybots do we need? Today on the spybot circuit the we're serving up a helping of Picmole that's using heritrix to do it's crawling. Surprisingly it still checks robots.txt but who knows if they'll honor it down the road because

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-84331669091031198122008-04-17T10:46:00.000-07:002008-04-17T11:15:05.719-07:00

Here's another product of Canada doing the stupidest shit ever seen, collecting favicons. It came and grabbed my icon, then hit the home page which the bot blocker promptly stopped, so who the knows what else it would've done beyond that. 66.207.217.138 [gaspra.crazylogic.net.] "Favcollector/2.0 (info@favcollector.com http://www.favcollector.com/)"From their FAQ: Favcollector is a spider that

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-53887099081281147602008-04-17T10:13:00.000-07:002008-04-17T10:23:28.443-07:00

It's hard to resist commenting on a bot that can't even spell it's own name or it's country name correctly. 206.248.137.34 [mycanadasearch.ca.] "canasasearchbot(http://www.mycanadasearch.ca/robots.html)"However they got it right on their robots page: User-agent: canadasearchbot It did ask for robots.txt but who knows if it was looking for "canasasearchbot" or "canadasearchbot", total crap shoot.

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-65395088844538088562008-04-14T17:46:00.000-07:002008-04-14T17:52:11.499-07:00

Yet another Firefox-based screen shot tool hit my other site today just in time to take a screen shot of an error message telling them they weren't allowed to take screen shots without permission. Details: 61.206.125.245 [tempest.nemui.org.] "Mozilla/5.0 (Gecko/20070310 Mozshot/0.0.20070628; http://mozshot.nemui.org/)" This thing appears to be open source, oh joy...

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-47689347410483029712008-04-11T10:43:00.000-07:002008-04-11T12:03:14.030-07:00

Yet another social media mining operation designed to track every bit of intel said about brands, people, politics and more. From a translation of their site: Our solutions simplify the identification of influential communities and monitoring of their conversations, to the benefit of businesses, communication agencies or research institutes. RTGI's approach allows the analysis of the links and

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-18324829327887333982008-04-11T09:56:00.000-07:002008-04-11T10:37:13.026-07:00

Since I whitelist allowed bots I've had Project Rialto blocked since the beginning but I was curious what they were doing since they first showed up on my radar on 01/23/2008 and kept coming back over and over. From one of their job ads: We are designing high-performance algorithms and developing reliable, fault-tolerant and scalable real-time systems that can

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-54125572104698267522008-04-09T17:10:00.000-07:002008-04-10T08:24:32.267-07:00

For those of you unfamiliar with Radian6 it's a "social media monitoring tool" because apparently everyone with an opinion on the internet needs someone to spy on their ass since we're disruptive. Well bummer. Isn't it a shame the good old days are gone where companies told you everything you needed to know about their brand and you had to be a journalist just to get your opinion heard? Of

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-76888186349248068642008-04-04T22:50:00.000-07:002008-04-04T23:01:37.430-07:00

I found this little Discobot from Discovery Engine trying to dance around on my server but the bot blocker bouncer at the door was already keeping him behind the velvet ropes. Here's a sample of what I saw on my site: 208.96.54.74 "GET /robots.txt" "Mozilla/5.0 (compatible; discobot/1.0; +http://discoveryengine.com/discobot.html)" 208.96.54.68 "Mozilla/5.0 (compatible; discobot/1.0; +http://

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-46932872937619919672008-04-04T21:45:00.000-07:002008-04-04T22:19:21.560-07:00

I saw this little Persaibot hit my site today without even looking at robots.txt and their website has the balls to say: Persai uses this bot to crawl the web. It's probably the nicest bot with the greatest personality in the world. Seriously, give it some attention. Exactly how nice can a bot be that doesn't read robots.txt? Did you read it and cache it some other day? Doesn't matter, that was

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-86665293093405767432008-04-04T11:36:00.000-07:002008-04-04T12:05:56.980-07:00

This little annoying DART thing that keeps bouncing off my web site appears to be written by CRS4, the Center for Advanced Studies, Research and Development in Sardinia. It would appear DART stands for "Distributed Agent-based Retrieval Tools" and they even have a workshop in '06 about this damn thing touted as "The Future of Search Engines' Technologies" that had people from Yahoo!, Google,

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-82676864367045329492008-03-29T11:31:00.000-07:002008-03-29T18:55:59.509-07:00

Note the lack of a question mark in the title because this wasn't a question about "WHO?" but an actual statement about "WHO!" and by that I mean the WHO as in an office of the World Health Organization. It registered 411 page requests from 203.94.76.59 which is a non-portable address assigned to the WHO Representative Office in Sri Lanka. Here's the IP and UA:

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-46923304995773625242008-03-28T14:22:00.000-07:002008-03-28T14:39:19.255-07:00

REBI-Shoveler must be easily overlooked as it's very unusual to go to a search engine and type in the user agent and get no authoritative hit from any bot hunter whatsoever. There were tons of hits from various web stat pages but nothing I could easily find that gave me any clue what in the hell this thing was. With this little information all I knew was it came from Korea, otherwise I was

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-77602494791402968902008-03-28T13:43:00.000-07:002008-03-28T13:55:06.643-07:00

Looks like JonDonym - the internet anonymisation service is actively operating as those little anonymous hits are coming from their servers. I have a couple of actual scrapes happening from their IPs, who would suspect abuse of anon proxies, right? Here's a couple of examples of activity: 141.76.45.34 [proxy1.anon-online.org.] Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.13) Gecko/

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-13036009522881215692008-03-24T16:42:00.000-07:002008-03-24T17:05:20.441-07:00

Time to rant about a big pet peeve of mine, that little line of javascript that detects whether or not Flash is installed and the stupid shit developers do when it fails. For a little introduction to the problem, I run Firefox with NoScript enabled globally for security purposes. However, I can easily enable javascript with a click except some developers do some really stupid shit that's costing

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.comtag:blogger.com,1999:blog-19248375.post-4378222182210322452008-03-14T14:55:00.000-07:002008-03-14T16:03:41.637-07:00

Looks like I was right on the money back in Oct '07 when I announced that I had spotted SearchMe taking screen shots on one of my sites and I knew this was a hot news item but couldn't get the Sphinners to bite on it. Here we are 6 months later and the story broke a couple of days ago on the Silicon Valley WebGuild: Searchme is a new search engine that captures images of web pages and allows

IncrediBILLhttp://www.blogger.com/profile/14244934627308399202noreply@blogger.com