Thursday, July 16, 2009

More PHP Hacker Traffic

We're seeing some hacker traffic from this network attempting to access this URL:

/profile.php?name='+UNION+SELECT+1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+FROM+webl_admin%23

CustName: Alwatan Newspaper
Address: Unknown
City: Muscat
StateProv: Oman
PostalCode:
Country: OM
RegDate: 2008-07-10
Updated: 2008-07-10

NetRange: 216.7.173.16 - 216.7.173.31
CIDR: 216.7.173.16/28
NetName: D393-ENG01-216-7-173-16-28
NetHandle: NET-216-7-173-16-1
Parent: NET-216-7-160-0-1
NetType: Reassigned
Comment:
RegDate: 2008-07-10
Updated: 2008-07-10

OrgAbuseHandle: DAM96-ARIN
OrgAbuseName: Data393 Abuse Manager
OrgAbusePhone: +1-303-268-1500
OrgAbuseEmail: abuse@data393.net

OrgNOCHandle: DNOC2-ARIN
OrgNOCName: Data393 Network Operations Center
OrgNOCPhone: +1-303-268-1500
OrgNOCEmail: noc@data393.net

OrgTechHandle: IPADM77-ARIN
OrgTechName: IP Administration
OrgTechPhone: +1-303-268-1500
OrgTechEmail: ip-addr@data393.net

CFNetwork

Getting hit with a CFNetwork user agent from this IP: 24.41.43.231

OrgName: EARTHLINK, INC.
OrgID: EARTH-22
Address: 1375 PEACHTREE STREET
Address: LEVEL A
City: ATLANTA
StateProv: GA
PostalCode: 30309
Country: US

NetRange: 24.41.0.0 - 24.41.95.255

Seems to be a lot of odd traffic coming out of Atlanta networks lately.

Wednesday, July 15, 2009

Followsite on softlayer - misbehaving

The Followsite bot hit our server over 70 times and does not appear to be following robots.txt.

Came from this IP:

74.86.223.42

SoftLayer Technologies Inc. SOFTLAYER-4-4 (NET-74-86-0-0-1)
74.86.0.0 - 74.86.255.255
ASX Networks ApS NET-74-86-223-40 (NET-74-86-223-40-1)
74.86.223.40 - 74.86.223.47

Wowrack - unidentified traffic

Web servers in this network appear to be trying to hit our server:

dotnetdotcom.org 208-115-111-240-SLASH28 (NET-208-115-111-240-1)
208.115.111.240 - 208.115.111.255
Wowrack.com WOW-ARIN-NET2 (NET-208-115-96-0-1)
208.115.96.0 - 208.115.127.255

Internode - Excessive traffic

We're getting excessive traffic from this IP range:

inetnum: 203.122.192.0 - 203.122.255.255
netname: INTERNODE1-NET
descr: Internode
descr: Internet Service Provider
descr: Adelaide, South Australia,
descr: Australia
country: AU

hacker - phpadmin

A hacker attempting to access phpadmin hit our server using Perl from multiple networks.

URL contained:

/profile.php?name='+UNION+SELECT+1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+FROM+webl_admin%23

User agent: libwww-perl/5.811
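As an added example (not the author's code), here is a small log checker that decodes query strings the way the web server would and flags requests shaped like the probe quoted above, reporting the client IP and User-Agent needed for an abuse report. It assumes Apache combined log format; the log lines, IPs and timestamps are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed Apache combined-format lines modelled on the probe quoted above
# (not the author's real logs): a UNION probe, a normal request, a tautology.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Jul/2009:13:02:11 -0500] "GET /profile.php?name='+UNION+SELECT+1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+FROM+webl_admin%23 HTTP/1.1" 200 5120 "-" "libwww-perl/5.811"
203.0.113.11 - - [15/Jul/2009:13:02:12 -0500] "GET /profile.php?name=alice HTTP/1.1" 200 4871 "-" "Mozilla/5.0"
203.0.113.12 - - [15/Jul/2009:13:02:13 -0500] "GET /profile.php?name=%27%20or%201%3D1-- HTTP/1.1" 200 4871 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Matched against the *decoded* value, never the raw URL: '+' is a space and
# %23 is '#', MySQL's comment marker that discards the rest of the real query.
SQLI_RE = re.compile(r"union\s+select\b|'\s*or\s+1\s*=\s*1", re.IGNORECASE)
UNION_COLS_RE = re.compile(r"union\s+select\s+(.*?)\s+from\b", re.IGNORECASE | re.DOTALL)

def decode_query(target):
    """Return {param: value} decoded the way PHP fills $_GET."""
    return dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))

def count_union_columns(decoded_value):
    """Columns the injected SELECT supplies (0 if none). It must equal the
    page's real column count, so a changing count means the probe is being tuned."""
    m = UNION_COLS_RE.search(decoded_value)
    return len([c for c in m.group(1).split(",") if c.strip()]) if m else 0

def find_sqli_probes(log_text):
    """Report every parameter whose decoded value matches an injection shape,
    together with the client IP and User-Agent for the abuse report."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for name, value in decode_query(m["target"]).items():
            if SQLI_RE.search(value):
                hits.append({"ip": m["ip"], "ua": m["ua"], "param": name,
                             "decoded": value,
                             "union_columns": count_union_columns(value)})
    return hits

if __name__ == "__main__":
    for h in find_sqli_probes(SAMPLE_LOG):
        print(h["ip"], h["ua"], h["param"], repr(h["decoded"]), h["union_columns"])
```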

IP #1: 207.210.89.18

Network:

OrgName: Global Net Access, LLC
OrgID: GNAL-2
Address: 1100 White St SW
City: Atlanta
StateProv: GA
PostalCode: 30310
Country: US

ReferralServer: rwhois://rwhois.gnax.net:4321

NetRange: 207.210.64.0 - 207.210.127.255
CIDR: 207.210.64.0/18
OriginAS: AS3595, AS16626
NetName: GNAXNET
NetHandle: NET-207-210-64-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.GNAX.NET
NameServer: DNS2.GNAX.NET
NameServer: NS1.GNAX.NET
NameServer: NS2.GNAX.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Comment: ********************************************
Comment: Reassignment information for this block is
Comment: available at rwhois.gnax.net port 4321
Comment: ********************************************
RegDate: 2005-04-12
Updated: 2007-06-01

RAbuseHandle: ABUSE745-ARIN
RAbuseName: GNAX ABUSE
RAbusePhone: +1-404-230-9150
RAbuseEmail: abuse@gnax.net

RNOCHandle: ENGIN7-ARIN
RNOCName: GNAX ENGINEERING
RNOCPhone: +1-404-230-9150
RNOCEmail: engineering@gnax.net

RTechHandle: ENGIN7-ARIN
RTechName: GNAX ENGINEERING
RTechPhone: +1-404-230-9150
RTechEmail: engineering@gnax.net

OrgAbuseHandle: ABUSE745-ARIN
OrgAbuseName: GNAX ABUSE
OrgAbusePhone: +1-404-230-9150
OrgAbuseEmail: abuse@gnax.net

OrgNOCHandle: ENGIN7-ARIN
OrgNOCName: GNAX ENGINEERING
OrgNOCPhone: +1-404-230-9150
OrgNOCEmail: engineering@gnax.net

OrgTechHandle: ENGIN7-ARIN
OrgTechName: GNAX ENGINEERING
OrgTechPhone: +1-404-230-9150
OrgTechEmail: engineering@gnax.net

IP #2: 62.146.47.98

inetnum: 62.146.47.96 - 62.146.47.111
netname: JF-NETWORK
descr: JFNetwork
descr: 97346 Iphofen
country: DE
admin-c: JF113-RIPE
tech-c: GT-RIPE
status: ASSIGNED PA
mnt-by: IPPARTNER-MNT
source: RIPE # Filtered

person: Jochen Freier
address: Ritterstr. 11-17
address: 97318 Kitzingen
address: DE
phone: +49 9321 9297990
nic-hdl: JF113-RIPE
mnt-by: IPPARTNER-MNT
source: RIPE # Filtered

person: Thorsten Grosse
address: IP Exchange GmbH
address: Am Tower 5
address: 90475 Nuernberg
address: DE
phone: +49 911 30950 000
abuse-mailbox: abuse@ip-exchange.de
nic-hdl: GT-RIPE
mnt-by: IPPARTNER-MNT
source: RIPE # Filtered

% Information related to '62.146.0.0/16AS15598'

route: 62.146.0.0/16
descr: IP Exchange GmbH
origin: AS15598
mnt-by: IPPARTNER-MNT
source: RIPE # Filtered

Sunday, July 12, 2009

123people dot com is stealing content

The 123people dot com site is stealing and reposting personal information from social networks like Myspace, Facebook.com, LinkedIn.com, Amazon (people's wish lists) and zoominfo.

In addition to scraping sites and posting photos, links and personal data that is not publicly available on these social networking sites, 123people is posting completely bogus data about people including false addresses and fake information.

Facebook has been kind enough to get scraped content and photos from their web site removed from this site. Other social networks like MySpace, Linkedin, Google, Amazon and ZoomInfo have been contacted to do the same by users.

This company 123People has been contacted to remove various profiles but is apparently not doing this so far.

Saturday, July 11, 2009

.Net Framework hitting sites

129.7.111.207 is hitting our site with .NET Framework/2.0

OrgName: University of Houston
OrgID: UNIVER-239
Address: Information Technology
Address: Computing & Telecommunication Services
Address: 4213 Elgin Blvd
City: Houston
StateProv: TX
PostalCode: 77204-1010
Country: US

NetRange: 129.7.0.0 - 129.7.255.255

lwp-trivial

Hit with a bot called lwp-trivial/1.41 from this IP: 128.114.48.94 - a university in California:

OrgName: University of California, Santa Cruz
OrgID: UCSC
Address: University of California, Santa Cruz
Address: UCSC Information Technology Services
Address: Communications Building
Address: 1156 High Street
City: Santa Cruz
StateProv: CA
PostalCode: 95064
Country: US

NetRange: 128.114.0.0 - 128.114.255.255
CIDR: 128.114.0.0/16

Dragonfly User Agent

Some kind of Dragonfly user agent hit our site; it may be related to some type of open-source content management system.

The hit appears to be coming from:

Enmax Envision Inc. ENMAXENV-BLOCK2 (NET-72-29-224-0-1)
72.29.224.0 - 72.29.255.255
PlayStarMusic Corporation ENV-PM-72-29-233-160 (NET-72-29-233-160-1)
72.29.233.160 - 72.29.233.191

Friday, July 10, 2009

Amazon Cloud Traffic

Once again someone on the Amazon cloud network is trying to access our sites in programmatic ways:

OrgName: Amazon.com, Inc.
OrgID: AMAZO-4
Address: Amazon Web Services, Elastic Compute Cloud, EC2
Address: 1200 12th Avenue South
City: Seattle
StateProv: WA
PostalCode: 98144
Country: US

NetRange: 75.101.128.0 - 75.101.255.255

A2 hosting - PHP Client

Someone or something at A2 hosting attempted to access our sites using some sort of PHP client:

Internet 123, Inc. INTERNET-BLK-I123-3 (NET-69-39-64-0-1)
69.39.64.0 - 69.39.95.255
A2 Hosting, Inc. I123-069039089000-032004 (NET-69-39-89-0-1)
69.39.89.0 - 69.39.89.255

Hopefully Internet 123, Inc. and/or A2 Hosting, Inc. will take a look at this and do something about it.

The offending IP, 69.39.89.40, tried to access our sites with two different versions of PHP.

MCI / Proxy IT - bad traffic

Someone in this proxy IP range attempted to hit our sites with Python.

65.200.199.106 at 7/5/2009 10:46:19 PM

MCI Communications Services, Inc. d/b/a Verizon Business UUNET65 (NET-65-192-0-0-1)
65.192.0.0 - 65.223.255.255
Proxy IT UU-65-200-199-D6 (NET-65-200-199-0-1)
65.200.199.0 - 65.200.199.255

MCI should really do something about this, because clearly someone is using this proxy to attempt to do their dirty work.

Bot out of University of Toronto

BlogScope bot hit our sites from University of Toronto

128.100.20.21

OrgName: University of Toronto
OrgID: UNIVER-36
Address: Computing and Networking Services
Address: 4 BANCROFT AVENUE - ROOM 101C
City: TORONTO
StateProv: ON
PostalCode: M5S-1C1
Country: CA

NetRange: 128.100.0.0 - 128.100.255.255

University Santa Cruz - WGet hackers

Someone at the University of Santa Cruz is attempting to access our sites using Wget from this IP, 128.114.48.95, at 7/7/2009 7:53:48 PM.

OrgName: University of California, Santa Cruz
OrgID: UCSC
Address: University of California, Santa Cruz
Address: UCSC Information Technology Services
Address: Communications Building
Address: 1156 High Street
City: Santa Cruz
StateProv: CA
PostalCode: 95064
Country: US

NetRange: 128.114.0.0 - 128.114.255.255

Colin-Miller - hitting our sites with Java

Someone at Colin Miller in San Francisco, California is attempting to access our sites with some type of Java client.

Comcast Business Communications, Inc. CBC-SFBA-13 (NET-173-11-64-0-1)
173.11.64.0 - 173.11.127.255
Comcast Business Communications, Inc. CBC-CM-4 (NET-173-8-0-0-1)
173.8.0.0 - 173.15.255.255
Colin Miller-San Francisco-CA-18 COLIN-MILLER-SAN-FRANCISCO-CA-18 (NET-173-11-77-96-1)
173.11.77.96 - 173.11.77.111

Programmatic traffic from eNet / XLHost

Getting clearly programmatic traffic from this network:

eNET Inc. ENET-XLHOST-2 (NET-173-45-64-0-1)
173.45.64.0 - 173.45.127.255
XLHost.com Inc XLHOST-OOFFER3-4941 (NET-173-45-84-80-1)
173.45.84.80 - 173.45.84.95

Managed Solutions Group - Malware

Someone attempted to get at our web server using a Java software client of some kind from this IP: 205.209.142.43

This IP belongs to "Managed Solutions Group" in California:

OrgName: Managed Solutions Group, Inc.
OrgID: MSG-48
Address: 45535 Northport Loop East
City: Fremont
StateProv: CA
PostalCode: 94538
Country: US

ReferralServer: rwhois://rwhois.managedsg-inc.com:4321

NetRange: 205.209.128.0 - 205.209.191.255

Twiceler - still doesn't obey robots.txt

Getting tons of hits from the Twiceler bot, which is still not obeying the robots.txt file. The hits are quite excessive.

Some of the IPs:
38.99.44.105
216.129.119.42
216.129.119.12
216.129.119.44
216.129.119.40
216.129.119.49
38.99.44.102
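An added example, not the author's code, for the Followsite and Twiceler complaints above: it replays recorded hits against a site's robots.txt using Python's urllib.robotparser and lists the ones that fetched a disallowed path or came in faster than the Crawl-delay. The robots.txt, product tokens, timestamps and paths are constructed; only the two bot IPs come from the posts.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for the audited site; the author's real file is not on the page.
ROBOTS_TXT = """\
User-agent: *
Disallow: /private/
Crawl-delay: 10

User-agent: Twiceler
Disallow: /
"""

# Constructed hits as (unix time, client IP, User-Agent product token, path).
# Pass the bot's product token, not the whole header: robotparser compares the
# text before the first '/' with the User-agent names in robots.txt.
SAMPLE_HITS = [
    (1000, "38.99.44.105", "Twiceler/0.9", "/index.html"),
    (1001, "38.99.44.105", "Twiceler/0.9", "/page2.html"),
    (1002, "74.86.223.42", "FollowSite/1.0", "/private/report.html"),
    (1003, "74.86.223.42", "FollowSite/1.0", "/public.html"),
    (1004, "74.86.223.42", "FollowSite/1.0", "/public2.html"),
    (1100, "198.51.100.7", "Mozilla/5.0", "/about.html"),
]

def load_robots(text):
    """Parse robots.txt from a string instead of fetching it from the site."""
    rp = RobotFileParser()
    rp.parse(text.splitlines())
    return rp

def audit_crawlers(robots_text, hits):
    """Return (ip, token, path, reason) for each hit that either fetched a
    Disallowed path or arrived sooner than the Crawl-delay for that agent."""
    rp = load_robots(robots_text)
    findings, last_seen = [], {}
    for ts, ip, token, path in sorted(hits):
        if not rp.can_fetch(token, path):
            findings.append((ip, token, path, "disallowed"))
        # crawl_delay() returns None when the matching record sets no delay; a
        # bot-specific record does not inherit the '*' record's Crawl-delay.
        delay = rp.crawl_delay(token)
        prev = last_seen.get((ip, token))
        if delay is not None and prev is not None and ts - prev < delay:
            findings.append((ip, token, path, "faster than Crawl-delay"))
        last_seen[(ip, token)] = ts
    return findings

if __name__ == "__main__":
    for ip, token, path, reason in audit_crawlers(ROBOTS_TXT, SAMPLE_HITS):
        print(f"{ip:<14} {token:<15} {path:<22} {reason}")
```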

Tuesday, July 07, 2009

Problem with MS Terminal Services / VPN

There is a problem with Terminal Services from Microsoft and/or Cisco's VPN product. When I am using the Cisco client and VPN with Terminal Services, connected to my server, and my connection gets disrupted in some way, first of all I cannot reconnect to the VPN. Somehow the VPN/firewall perhaps thinks I am still connected, or maybe the services on my machine get corrupted in some way and cause this problem.

The second problem is that after a reboot (restarting some services would potentially also resolve this), when I reconnect to my VPN, Microsoft Terminal Services on the computer to which I was connected says all the Terminal Services sessions are in use and I cannot get back into my box. This is a potential security problem if someone else were able to connect to that particular session. It doesn't make any sense that I would show as still being connected, because that particular account is supposed to terminate on disconnect or log out, so I should be able to get back in on that account after the network disruption.

On the flip side, I've had a problem where a particular account using Terminal Services is NOT supposed to shut down on disconnect, and when I get booted off the VPN by a network disruption, that account would shut down even though in theory it should not. It seems like maybe that problem was fixed but a new problem has arisen as a result of whatever changed.

Friday, July 03, 2009

Service Provider Corporation

If you've seen Service Provider Corporation IP addresses in your logs and then tried to find information about the company you'll end up here:

http://www.wdspco.org/

OrgName: Service Provider Corporation
OrgID: SPC-10
Address: 442 Route 202-206 North
Address: # 485
City: Bedminster
StateProv: NJ
PostalCode: 07921-0523
Country: US

NetRange: 166.128.0.0 - 166.255.255.255
CIDR: 166.128.0.0/9
NetName: NETBLK-CDPD-B
NetHandle: NET-166-128-0-0-1

This is an organization that allocates IP addresses to various wireless providers. Presumably some odd traffic on our server is from AT&T, since the user agent appears to be iPhones. However, the iPhones are acting a little strange and using a lot of different IP addresses for what appears to be the same web request. I could be wrong. We'll have to dig into this a bit more...

The other problem with this organization is that it actually hides the true source of the traffic in some cases. Someone on this network actually hacked into my web mail provider one time and apparently was reading my email. This organization states on their web site on a page that is not search engine friendly:

The WDSPCo NIC administers and maintains the IP address blocks that are leased from ARIN. The NIC assigns IP address blocks to WDSPCo members on request in accordance with the WDSPCo IP Management rules and the ARIN IP rules.

The NIC is also responsible for the WDSPCo DNS server. The NIC maintains the server. They also update with member server information for the reverse DNS lookup table for the leased IP blocks. When requesting a new block of IP addresses, members can supply their DNS server names so that the NIC can assign those server names to the IP block on the DNS server at the time of allocation. IP blocks can be leased without DNS server assignments.

The problem here is that some of the traffic coming from this IP range appears to be under the cover of this organization's name and you cannot truly report the source of the bad traffic to the company from whence it came if the IPs have been leased to someone else and not appropriately identified. In my opinion this organization should be forced by law to list both their name AND the name of the wireless company that is sending traffic to your sites.

Thursday, July 02, 2009

123People - illegal scraping and reposting of content

123People.com is illegally scraping and reposting content from other web sites.

This particular site has posted on its web site information that was posted privately on social networks.

When you contact a web site that has posted information about you and you want it taken down, the professional thing to do would be to remove it.

Here is the information from the 123People web site - again, don't pay them to take down things you didn't authorize them to post.

I would be concerned that contacting reputation services would only exacerbate the problems.

These companies should be held accountable for their actions.

There needs to be a better solution to this situation:
______________________________________________________________

How do I delete the search results on the 123people?

123people refers to information originating from the other publicly available websites on the Internet. All we do is provide the viewing of the real time search results available on the Internet in a clear and well-arranged way.

If you want to edit or to delete information, there are two possibilities:

1. Contact the original source
If you want to delete the contents, please contact directly the original source of the information. You can find the source by clicking on the small icon to the left of all displayed results. Your support team will take care of your request voluntarily and free of charge.

2. Professional Services
There are services that take care of their customers online. We have selected a few of those services that you can use. Please contact one of the services of your choice directly for further information.
www.reputationdefender.com
www.myonid.com

Indication: 123people accesses data that have been found on other websites by classical search engines such as Yahoo. Search engines save the found information for a certain period of time. These search engines do not explore all websites at the same time – that depends on how often the content on the website is updated, amongst other things – so it might take some time (sometimes even months) until certain content has disappeared from the search results of big search engines. The information may appear on the site of 123people even if the source of the information has already been deleted.

The web sites www.reputationdefender.com and www.myonid.com are run by independent companies who offer their services for free and do not stand in any form of cooperation with 123people.