Saturday, August 12, 2006

China's iaskspider evolution and related crawling

Here's the latest on this little bullshit bot iaskspider from China.

Previously it crawled from 2 d-blocks using a simple name: "iaskspider" "iaskspider" "iaskspider" "iaskspider"
Now it claims to be Internet Explorer: - "Mozilla/5.0 (compatible; iaskspider/1.0; MSIE 6.0)"
And appears to be checking anonymously for spider traps or some shit: - "GET /robots.txt HTTP/1.0" 200 146 "-" "-" - "GET /robots.txt HTTP/1.0" 200 146 "-" "-" - "GET /robots.txt HTTP/1.0" 200 146 "-" "-" - "GET /robots.txt HTTP/1.0" 200 146 "-" "-"
Don't ask me, I only block them, no clue what the hell is going on.

Friday, August 11, 2006

EDI Edacious Bullshit and Yeti from Korea

Don't know much about this piece of shit crawling from Korea except it looks at robots.txt and operates from 2 d-blocks: "EDI/1.2.0 (Edacious & Intelligent Web Crawler)" "EDI/1.2.0 (Edacious & Intelligent Web Crawler)" "EDI/1.2.0 (Edacious & Intelligent Web Crawler)" "EDI/0.9.3 (Edacious & Intelligent Web Crawler)"
Something in the next d-block in this bad neighborhood: "Yeti" "Yeti" "Yeti" "Yeti"
Bullshit of a feather flocks together.

No Cookies for Decommissioned Junction

I've been dumping affiliate programs lately because of the abysmal rate of cookie tracking and ever decreasing affiliate income vs. the PPC steady income rate.

This isn't terribly accurate as my script doesn't know if a cookie was accepted until the second page view. However, out of 3489 visitors in a sample I just took, that looked at 2 or more pages, the cookies were disabled by 22% of the returning visitors.

5926 Visitors
3489 Visitors > 1 Page View
2710 Cookies Enabled
779 Cookies Rejected
It doesn't take a rocket scientist to figure out that 22% of disabled cookies make affiliate programs relatively unattractive as almost 1/4 of the returning visitors wouldn't give me credit for anything they buy.

Out of the total visitors it's only 13%, but we don't know how many of the 2437 visitors that only viewed a single page had cookies enabled, but my suspicion is it's closer to 20%.

Taking into account that these numbers are POST bot filtering, so all of the bots that were blocked or banned didn't get included, this leads to two possible conclusions:

1) a lot more people aren't accepting cookies than previously thought or
2) there's a lot more low impact stealth bot activity than even I suspected.

Which is the right answer?

I'm sure the truth lies somewhere in the middle.

Thursday, August 10, 2006

Telemarketing SEO Assholes

I was sitting here minding my own business today and the phone rang.

Normally, I would let "UNKNOWN CALLER" roll to voicemail but today I lost my mind and answered the damn phone.

ME: "Hello?"

SLIMEBALL: "Hi, do you own domain XYZ.COM?"

ME: "Um, yes I do, why do you ask?"

SLIMEBALL: "We have been looking at XYZ.COM and it's a strong website but doesn't have very good presence in the search engines and we'd like to offer our help."

About now the hair stands up on the back of my neck...

ME: "Excuse me? I rank very well in search engines and have a ton of top 10 longtail keywords"

This alone should be a tip that I know something about this shit...

SLIMEBALL: "Well, our research report shows you're lacking in many major keywords and we could help..."

ME: "Are you out of your mind? I get 500,000 visitors a month, how in the hell is that lacking?"

SLIMEBALL: "Um, well, we don't show you on the main..."


I just didn't have the heart to start yelling and screaming profanity at this slimeball as it was just too early in the morning.

My suspicion is they would probably sink my site so low in the SE's that I'd have to get a real job as my days of webmaster welfare would be over.

Fuck it, I'll stick with my "lacking listings" thank you very much.

Wednesday, August 09, 2006

Kudos on the Google Dance, Stellar AdSense Support, and my Google Gift

Sometimes we complain about AdSense support being slow and unresponsive but I have to give kudos on a same day response yesterday, and that was in the midst of Google preparing for the Google Dance party.

Now the Google Dance party was off the hook, the band kicked ass, it was rock'n baby!

Enjoyed the various snacks, they were free and I never complain about free food.

The only thing I didn't try which looked good were the Pavlov's Dogs as I was snacked out and needed to save room for beer.

Google gets more love from me as their beer selections this year were far superior to last year, less cat piss and more beer for real beer drinkers. Last year I had to literally scour the place to find one lone tap with something that wasn't clear yellow cat piss that was tucked inside a building but this year the good beer was everywhere.

Just in case you haven't figured it out, I'm in love with Google at the moment,

I still use all the Google gifts I got last Christmas as the Google wireless mouse and USB expansion port are permanent fixtures on my laptop.

Last week when I went to get a new set of business cards printed I used my Google memory stick/keychain to take them to Kinkos and get them printed and cut while I waited, that was way cool too, no floppies, nothing.

My wife was poking fun at me and my giddy behavior with the memory stick "Have you never encountered technology before? Is this your first time?". Well, technically it was my first time handing someone my keychain to get something printed opposed to original copies or a floppy disk, just struck me as being cool.

I felt like Jack Bauer from 24 running into Kinkos:

"Quick Chloe, download the encrypted data off this chip that was just recovered in a covert sting and use our blowfish decryption algorithms to extract these business cards..."

Ah well, been there, done that, now it's old hat.

Besides, who can say anything bad about Google?

They give me free money every month, they give me free web traffic, they give me free gifts and then invite me into their building and give me free food, booze and entertainment.

It's almost like being a rich kid living off the family AdSense trust fund ;)

The only complaint I had about last nights Google Dance party is my feet hurt like hell by the time it was over!

Wait, I almost forgot, they were giving away t-shirts but the sizes were limited to LARGE, SMALL and WOMEN's. C'mon Google, did you take a serious look at how many 2X and 3X people you had waddling around the 'Plex last night?

What in the heck would I do with a LARGE t-shirt, dust my house with it?

Other than that one minor glitch, good job Google, loved it!

SCRAPER BUSTED #9 - Umax is baaaack

This is déjà vu day in the scraper busting dept. as Umax is back with a new virulent website.

BTW, if you want to read some funny misguided shit, this guy wants people to boycott the UMAX the scanner company because of something unrelated, like this spamming virus site maker that's the topic of this post.

What a screwball, sheesh.



Remember, I'm a trained professional, so don't try this site at home as this is some nasty shit.

However, if you're stupid enough [and most of you are] to attempt to access this site then use some goddamn common sense and disable your javascript and maybe java in your browser first or you might end up in a world of hurt.

For those of you real dumb fuckers, I mean the dumb as a pet rock variety, you'll get Trojan.ByteVerify installed on your machine if you visit these sites [see list at bottom] without proper precaution so don't blame me as YOU HAVE BEEN WARNED!

Crawler Info:
IP Address: []
User Agent: lwp-trivial/1.41
Site info: (
This is on the same server and host as the last reported site, but just in case you're too fucking lazy to click the link about and look it up for yourself it's repeated below.

Not sure this is even real information about this asshole, as other registrations say Russia, there's a shock, but they all seem to have FREEYAHO LLC in common.

American asshole information:
Sid Wongvorakul
979 Rutland Dr
Memphis, Tennessee 78243
United States

Registered through: FREEYAHO LLC.
Domain Name: UMAX-PPC.NET
Created on: 15-Dec-04
Expires on: 15-Dec-07
Last Updated on: 12-Jul-06

Administrative Contact:
Wongvorakul, Sid
979 Rutland Dr
Memphis, Tennessee 78243
United States

Technical Contact:
Wongvorakul, Sid
979 Rutland Dr
Memphis, Tennessee 78243
United States

Domain servers in listed order:
Russian asshole information:
Domain ID: D10559406-BIZ
Sponsoring Registrar: WILD WEST DOMAINS, INC.
Sponsoring Registrar IANA ID: 440
Domain Status: clientDeleteProhibited
Domain Status: clientRenewProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant ID: GODA-013273608
Registrant Organization: Freeyaho LLC.
Registrant Address1: a-n 262
Registrant City: Ulan-Ude
Registrant State/Province: Ru
Registrant Postal Code: 670042
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +790.25651263
Registrant Email:
Host information:
Address: AccessIT - Hosting Services
Address: 75 Broad Street, Suite 1902
City: New York
StateProv: NY
PostalCode: 10004
Country: US

ReferralServer: rwhois://
NetRange: -
The rest of this prolific virus spamming assholes domains hosted on the same box:
If you think I have a bad attitude in this post, you're very perceptive, as this fucker really pisses me off more than the usual garden variety scraper and hosting companies that allow this shit on their premises make my blood boil.

I'm trying to resist calling the whole lot of them a bunch of cocksucking assholes, but I think I'm losing that battle..

SCRAPER BUSTED #8 - Categorico Strikes Again from Canada

This is the same bunch of fucknuts I busted previously as Vipse Corp and Categorico with a new twist as this domain is and claims to be registered to some fucker in Canada, not Italy, but the same Adsense account: "Advertise on".

Scraping data:

IP Address: []
User Agent: InetURL/1.0
Site data: (

Logan Vernissa
306, 809-890 Crowfoot Cres.
Calgary, Alberta T7G 7T4
The scraping and server are from the same d-block hosted here:
OrgName: Broadspire Inc.
Address: 10200 Sepulveda Blvd. Suite 160
City: Mission Hills
StateProv: CA
PostalCode: 91345
Country: US

NetRange: -
You know what to do, block these fuckers and cut them off at the knees.

Robot MKDB From Oxford

No clue what the fuck this is but the reverse DNS suggests that this shit escaped from an Oxford computer science lab. [] requested 1 pages as "mkdb"
Didn't ask for robots.txt whatever it was.


Yahoo-Test/4.0 fails pop quiz

It wasn't Slurp so they got a error message, test failed, sorry Yahoo! - "GET /robots.txt HTTP/1.0" 200 146 "-" "Yahoo-Test/4.0" - "GET / HTTP/1.0" 200 1173 "-" "Yahoo-Test/4.0"
Study harder next time.

Tuesday, August 08, 2006

Adsense Scraper with CACHE pages

In a new twist, here's a scraper with CACHE pages pretending he's Google.

Easy target for a flood of DMCA notices...

User Agent: ""
Here's the fuckhead's information:
Dragulescu Radu
Victoriei, bl.7,
sc. D, ap. 3
Timisoara, Timis 01900

Registered through:, Inc. (
Created on: 18-Dec-05
Expires on: 18-Dec-07
Last Updated on: 01-Aug-06

Administrative Contact:
Radu, Dragulescu
Victoriei, bl.7,
sc. D, ap. 3
Timisoara, Timis 01900

Technical Contact:
Radu, Dragulescu
Victoriei, bl.7,
sc. D, ap. 3
Timisoara, Timis 01900

Domain servers in listed order:
The hosting appears to be thru
OrgName: Net Access Corporation
City: Parsippany
StateProv: NJ
PostalCode: 07054
Country: US
I think they're gonna get a letter about this asshole...

Inhoster Blog Spam Haven Servers Blocked

Inhosting is just filthy with blog spammers which is bizarre as usually I find a mix of activity on dedicated servers but this place seems to be overflowing with nothing but spammers and just one scraper, Snoopy.

I'm positive they are all spammers as every IP address listed below, except Snoopy, ONLY accessed my post form on a specific server, nothing else.

They host some of the usual garden variety bullshit spammers and Snoopy the scraper: "Snoopy v1.2" "/" "PussyCat 1.0, Murzillo compatible" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20060508 Firefox/" "" "PussyCat 1.0, Murzillo compatible" "PussyCat 1.0, Murzillo compatible"
Then they have a few of the amazing changing user agent spammers from this IP sorted by user agent for your viewing pleasure: "Mozilla/4.0 (compatible; MSIE 4.0; MSN 2.6; Windows 95; Gateway2000)" "Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95)" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; USA On-Site)" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; 981)" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; QXW0332q)" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; DT)" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.9) Gecko/20020311" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc2) Gecko/20020510" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc3) Gecko/20020523" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1a) Gecko/20020611" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020721" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2a) Gecko/20020910" "Opera/6.01 (Windows 98; U) [en]" "Opera/6.04 (Windows 2000; U) [en]" "Opera/6.04 (Windows 98; U) [en]" "Opera/6.04 (Windows XP; U) [en]" "Opera/7.0 (Windows 2000; U) [en]" "Opera/7.0 (Windows NT 5.0; U) [en]" "Opera/7.02 Bork-edition (Windows NT 5.0; U) [en]"
Another of the same rotating user agent shit on a different IP "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; USA On-Site)" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530" "Opera/7.02 Bork-edition (Windows NT 5.0; U) [en]"
And YET another that didn't hit as often "Mozilla/4.0 (compatible; MSIE 4.0; MSN 2.6; Windows 95; Gateway2000)" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221" "Opera/6.04 (Windows 2000; U) [en]"
For the grand finale, a D-block of Firefox Linux spammers: "Mozilla/5.0 (X11; U; Linux i686; ru; rv: Gecko/20060425 SUSE/ Firefox/" "Mozilla/5.0 (X11; U; Linux i686; ru; rv: Gecko/20060425 SUSE/ Firefox/" "Mozilla/5.0 (X11; U; Linux i686; ru; rv: Gecko/20060425 SUSE/ Firefox/" "Mozilla/5.0 (X11; U; Linux i686; ru; rv: Gecko/20060425 SUSE/ Firefox/" "Mozilla/5.0 (X11; U; Linux i686; ru; rv: Gecko/20060425 SUSE/ Firefox/" "Mozilla/5.0 (X11; U; Linux i686; ru; rv: Gecko/20060425 SUSE/ Firefox/" "Mozilla/5.0 (X11; U; Linux i686; ru; rv: Gecko/20060425 SUSE/ Firefox/" "Mozilla/5.0 (X11; U; Linux i686; ru; rv: Gecko/20060425 SUSE/ Firefox/" "Mozilla/5.0 (X11; U; Linux i686; ru; rv: Gecko/20060425 SUSE/ Firefox/"
Block block block block...

Here's the range of troublemaker IPs to block
netname: INHOSTER
inetnum: -
They also have this range but I don't have any activity that has been tracked from here:
netname: INHOSTER
netnum: -
Enjoy the silence with the fucking spammers gone.

Taiwan Scraping from C and D-Blocks

Didn't check the archive file to see if this was more widespread because as this was a single instance today of a coordinated scrape attempt from multiple IPs at the same time.

The D-block scraping attempt from "61.66.36" was nothing new as small blocks of scraping IPs turn up all the time.

However, the C-block scraping from "218.162." at the same has implications as this normally would've been harder to identify in small 1-4 page bursts.

The scraping C-block: [] requested 2 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)" [] requested 3 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)" [] requested 3 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"
The scraping D-block: [] requested 1 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)" [] requested 3 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)" [] requested 4 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)" [] requested 3 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)" [] requested 1 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"
Looks like they're getting smarter and your average webmaster will never spot this kind of activity.

Time to block Taiwan entirely?

Sunday, August 06, 2006

SES San Jose 7-10 2006

Anyone I know going to be there this week?

I'm heading down to the speakers party tonight (oops, did I let out a surprise) so if anyone I know is there tonight maybe we'll pound a brew or two together.

Bet you can't figure out which session I'll be speaking at...

Google Crawls Thru Yahoo Japan

This odd Google crawling thru Yahoo Japan occurrence must be via some sort of proxy or translation server, no clue, but this shit is weird. requested 2 pages as "Mediapartners-Google/2.1"
Yahoo Japan Corp.
Makes you scratch your head doesn't it?

Perhaps you have lice or dandruff, stay away from me...