Saturday, November 25, 2006

MSIE 7 and Firefox 2 Still Not Reasonably Secure

We heard all the security hype when MSIE 7 and Firefox 2 came out and it turns out it was tons of hype and hoopla that was completely meaningless. They'll stop us from being Phished but those Java trojan horse and worm vulnerabilities still exist and have a revolving door to get into your computer if you have Java enabled.

This issue was highlighted in a recent post about McAfee SiteAdvisor Green Lights Notorious Malicious Sites but I thought I'd post about this again just in case people missed the part at the bottom of that long post highlighting how all of these vulnerabilities existed long before either version shipped and they simply didn't fix them or give us reasonable controls to hinder the problem.

The simple solution to avoid things like the Win32/Agent.RX trojan is to disable Java altogether, not Javascript but Java itself. The problem is there are a lot of useful applets all over the net, especially the fun ones like games on Pogo.com, or Yahoo Games, so eventually we'll want to turn Java back on in the browser for those sites.

Now the hard question:

Just how hard would it be for the browsers to allow us to enable Java and Javascript per site?


This was a very blatant oversight of a well known vulnerability, yet it still exists in recently released products without any type of protection other than to completely disable Java. If that Java option per site exists I sure missed it as I snooped around the options before posting this. If it's there it's buried somewhere in the basement of options or I'm blind as nothing just hopped out about this issue other than to disable Java altogether.

Funny, they have silly options for privacy freaks to ask about cookies, or remembering passwords, and all sorts of other good things but when it comes to real security, WHAMMO! here comes the trojan without as much as a warning.

If you can warn about installing add-ons without first asking permission so how hard can this be, to simply ask first if we want to load Java?

That's a very strong statement from at least 2 browser providers that have made it very clear they don't give a shit if we get hacked or not if we have Java enabled. The technology to stop the browser from loading Java without asking permission is so simple that an apprentice programmer could implement it.

Had my virus scanner not been up-to-date, I'd have been screwed pure and simple.

Gee thanks browser makers, thanks for these major security updates.

More Bot Activity in Bezinqint

Had a chance to look for more possible Picscout crawling activity in another block of bezeqint.net IP's and found a rash of activity. Some was definitely bot activity, others had a fairly small sample and nothing was definitive except the crawl speed which can also be explained away by pre-fetch technology.

Here's a definitive bot in that range:

88.152.15.7 Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)
Just another garden variety scraper or is Picscout sharing IP's with bezinqint's other customers?

About 20 others set off alarms but nothing quite as aggressive as that one IP listed asking for about 50+ pages in increments of 5-10 seconds apart, and that was after they were being challenged so it's a bot to be sure.

Who the bot belongs to is the question.

I'm considering blocking this range considering the number of alarms that were set off.

inetnum: 88.152.170.0 - 88.152.255.255
netname: ADSL-CUSTOMER-CONNECTION
role: BEZEQINT NETWORKING TEAM
route: 88.152.176.0/20

Not that everyone should block the whole thing, but the one IP address referenced was definitely a problem child.

So much data, so little time...

McAfee SiteAdvisor Green Lights Notorious Malicious Sites

McAfee's SiteAdvisor is a great idea and I've been a big fan as it helps avoid many bad sites. However, they're obviously not catching certain things that some of the more clever malicious site owners are doing to avoid their detection. This has led to them green lighting one of the most malicious sites I've seen and this guy has a bunch of them just waiting for unsuspecting visitors.

In this instance, SiteAdvisor gave a completely false sense of security.


CAUTION: Some of the links below may try to inject a worm or trojan.


Here's the results for http://www.euc2005.com/ which claims it's perfectly safe which is blatantly wrong:



The info balloon claims they've scanned it and it's clean... WRONG!


Here's the site when you click to visit http://www.euc2005.com/:


I clicked the link "Czym jest GIS" which claims to be loading DIRECTIONS and up pops the bogus search page and my anti-virus goes off claiming that the site was atttempting to install a trojan from http://tisall.info/e/us02/e.cab. Additionally note the yellow warning bar at the top of MSIE 7 claiming the site was trying to install an add-on to the browser at the same time.


SiteAdvisor would do themselves a favor and just red flag anything that is related to Inhoster, where the trojan attempted to download from, as they appear to be a haven for spammers, scrapers and other malicious activity and numerous bad references can be found to their hosting all over the net.

Just for giggles I checked a few more bad domains I knew and SiteAdvisor hadn't checked any of them yet. However, this one below blew my mind because all of the URL's displayed in Yahoo were the actual CAB files themselves and SiteAdvisor didn't even warn me that clicking on a .cab file might be a bad idea.


Come on guys, this is a no brainer, if you actually find a listing in a search engine linking directly to the virus or worm file, or a suspicious file type such as a .cab or .exe, you should at least put up the yellow CAUTION symbol at a minimum.

IMO the real fault here isn't that McAfee SiteAdvisor missed these files, it's that the browser allows certain files to be executed randomly without asking. For the love of god, the browsers have options to ask per site if you want a stinking COOKIE which can do no immediate harm to your computer. Something as vulnerable as MSIE that can install trojans that just started downloading automatically, without warning or controls, and only when it looked like something was an add-on did I even get a warning from MSIE 7.

What's most amazing is both FireFox 2 and MSIE 7 are NEW RELEASES yet still vulnerable to some particularly nasty problems that has been around for ages and neither of them did anything to protect against this in their latest releases.

Is everyone at these browser companies asleep at the wheel?

Hopefully SiteAdvisor can figure out what they missed that allowed this rogue site to be green-listed and avoid these problems moving forward as it's obvious they're the only ones even trying to help as the browsers just left the problem remain in all their new versions.


P.S. The company hosting these sites, theplanet.com, has been notified about the problem and we'll all be watching to see if these domains continue to function.

Friday, November 24, 2006

Google Image Search Used for Copyright Abuse Mashup

Today I came across a bunch of slimy mashup sites that combine images from Google Image Search (your images) with affiliate ads. The attempt is to try to make it look like a legitimate directory or search engine for the topic but what's happening is your images are being used without permission and being attributed to other sites.

CAUTION: Some of the links below may try to inject a worm or trojan.

Go to one of the sites here:

http://www.euc2005.com/photography/Digital-photography.html
See those images?

The images are directly from Google Image Search for "Digital Photography":
http://images.google.com/images?hl=en&q=Digital+photography&btnG=Search+Images

Here's the URL to the images from that page:
http://images.google.com/images?q=tbn:RaA8sUkYvwGMCM:
http://www.saugus.net/Photos/images/pemigewasset_river.jpg

http://images.google.com/images?q=tbn:WHUZv_rlRPX82M:
http://www.jungleboffin.com/images/artoriginals/digitalpower/6.jpg

http://images.google.com/images?q=tbn:dXhig_gAZri
KQM:h
ttp://joecarr.ca/astro/images/2003/2003N707a.jpg

http://images.google.com/images?q=tbn:XoEoJdT29qBX8M:
http://www.kanaphoto.com/img/digital_7.jpg
Same crap going on from this Polish site too:
http://buy-xenical-us.qo.pl/
Note that the domain EUC2005.COM is a dummy domain, it's actually pulling up searches in a frame from this site:
http://f-mf.org/search.php?q=digital+photography

Just for giggles, I did a search for PHOTO.NET in their little search window to see what came up:



Here's the same search in Google Images:



This mess all seems to be hosted on theplanet.com, big shock, on at least 4 servers that I can find, click the IP below for a list of domains:
74.52.114.114
74.52.114.115
74.52.114.116
74.52.114.117
I found some of this same crap on every server, click some links from the home pages of these domains and you'll see the same old shit like this:
http://homepage-building.info/carl-bucherer/
or this:
http://kdcconstruction.net/morel/
or this:
http://internetuniversityincome.com/pantech/
etc.

Now let's see who appears to be behind this mess:
Domain ID:D128714698-LROR
Domain Name:F-MF.ORG
Created On:11-Sep-2006 11:05:33 UTC
Last Updated On:11-Nov-2006 03:50:00 UTC
Expiration Date:11-Sep-2007 11:05:33 UTC
Sponsoring Registrar:Direct Information PVT Ltd dba PublicDomainRegistry.com (R27-LROR)
Status:OK
Registrant ID:DI_2372832
Registrant Name:Soodkhet Kamchoom
Registrant Organization:N/A
Registrant Street1:2002 E. Tamarack Road
Registrant Street2:
Registrant Street3:
Registrant City:Altus
Registrant State/Province:Oklahoma
Registrant Postal Code:73521
Registrant Country:US
Registrant Phone:+001.5806436662
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:soodkhet@zlex.org
Name Server:NS1.F-MF.ORG
Name Server:NS2.F-MF.ORG
Someone else has our copyright infringing buddy listed in an MVPS HOSTS file for some bad things as well:
# [Soodkhet Kamchoom]
127.0.0.1 alllinx.info
127.0.0.1 dinet.info #[Trojan.Win32.Small.EV]
127.0.0.1 eqash.net #[eTrust.Win32/Secdrop.JU]
127.0.0.1 frdolls.net
127.0.0.1 frlynx.info
127.0.0.1 joutweb.net
127.0.0.1 linim.net #[eTrust.Win32/Secdrop.JU]
127.0.0.1 linxlive.net
127.0.0.1 lipdolls.net
127.0.0.1 nwframe.net #[Win32/Nitwiz.A]
127.0.0.1 zllin.info #[MHTMLRedir.Exploit][Win32/Dialer.KM]
Now let's see where the base of search operations F-MF.ORG resides:
host F-MF.ORG
F-MF.ORG has address 66.230.138.195

whois 66.230.138.195

OrgName: ISPrime, Inc.
OrgID: IPRM
Address: 25 Broadway
Address: 6th Floor, Suite #2
City: New York
StateProv: NY
PostalCode: 10004-1086
Country: US

NetRange: 66.230.128.0 - 66.230.191.255
CIDR: 66.230.128.0/18
I looked at the adjacent server IP 66.230.138.194 and BINGO! there's some of the domains listed (in bold) in the MVPS HOSTS files, amazing isn't it?
alllinx.info
cleanchain.net
drefus.org
eqash.net
frlynx.info
frsets.info
joutweb.net
linim.net
linxlive.net
nwframe.net
recdir.org
There's obviously more, but I'm bored chasing this idiot at this time, maybe later.

I've been advocating everyone block access from known datacenters and proxy servers for quite some time to stop scraping and other abuse so had the Googlers listened, and I know they heard me, this abuse wouldn't be happening right now and webmasters wouldn't have to deal with this level of abuse.

Sorry to say, I'm going to have to add this line to all my robots.txt for Google, Yahoo and MSN until they resolve this vulnerability:
Disallow: /images/
Why won't they listen when I explain what the vulnerabilities are?

Why must we the webmasters have to deal with this garbage?

Firing up the DMCA letters now, several search engines and ISPs are about to be served...

If your images show up on their pages, join me in fighting this good fight.

Wednesday, November 22, 2006

Exalead Preview Violating Webmasters Content

It's been ages since I've wandered over to Exalead and played with it for a while. I get a few spurious hits from their cute little search engine so I thought I'd explore for a bit and see what it had to offer.

Oh look, nice layout, thumbnails, click on the thumbnails and get a site preview...

Oh my god, they downloaded my page in real-time, stripped out my javascript so they could frame it without my frame buster working, and the page looks like shit now.

I'm speechless...

Not to mention infuriated that they would violate my content in such a manner.

If you want to just block the preview mode, they send a request like this:

193.47.80.78 "GET / HTTP/1.1" "http://www.exalead.com/search" "NG/4.0.2897.395"
So blocking "^NG/" in .htaccess should do it and add "NOARCHIVE" to all your pages just to make sure they don't pull up an old copy, as that would REALLY piss people off if they don't honor NOARCHIVE.

If you just want to block the bot, it's "Exabot/3.0".

If you just want to block them completely, they crawl from here:
inetnum: 193.47.80.0 - 193.47.80.255
netname: EXALEAD
route: 193.47.80.0/24
Just another reason why webmasters will keep hating some web sites and search engines because they just don't get it so fuck 'em, they can't play in my sandbox any more.

Tuesday, November 21, 2006

Bezeqint Hosts Scrapers, Spammers and more

The previous post about Hunting Picscout assumes that they are operating out of bezeqint.net which is where their website is hosted. The decision to block the first range of bezeqint.net from the previous post was easy because it appears to be a data center where residential customers wouldn't be blocked.

Then there is this other barrage of crap coming from what claims to be BEZEQINT-CABLES which may be residential but I can't read Hebrew so who knows. Anyone that can translate Bezeqint's site and give us more clues would be greatly appreciated.

This one particular IP tried to crawl about 300 pages:

84.110.241.167 "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 4.0)"
Garden variety scraper or part of Picscout?

Hard to say.

However, we have found a new rash of activity while researching bezeqint.net looking for PicScout but these were all in my spam trap, no referrers, all one shot attempts to post something that was blocked, mostly about Viagra.

The spammers all came from these blocks:
inetnum: 84.110.208.0 - 84.110.223.255
netname: BEZEQINT-CABLES

inetnum: 84.110.224.0 - 84.110.239.255
netname: BEZEQINT-CABLES

inetnum: 84.110.240.0 - 84.110.255.255
netname: BEZEQINT-CABLES
Here's the big list which makes me wonder if it's DHCP or a botnet?
84.110.208.4 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.211.29 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.217.105 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.217.116 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.217.192 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.220.146 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.220.90 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.224.132 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.224.15 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.224.15 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.224.152 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.225.61 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.225.84 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.225.95 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.226.179 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.226.248 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.226.93 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.226.94 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.227.133 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.227.175 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.228.115 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.228.126 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.229.104 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.229.189 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.229.240 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.229.250 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.229.73 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.107 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.12 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.134 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.154 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.200 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.52 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.99 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.232.216 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.232.239 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.232.5 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.177 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.193 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.207 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.229 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.245 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.252 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.39 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.234.113 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.235.110 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.103 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.112 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.116 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.157 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.8 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.93 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.237.49 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.237.93 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.238.117 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.238.221 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.238.37 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.239.139 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.239.69 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.240.110 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.240.242 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.240.39 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.240.42 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.132 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.149 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.163 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.187 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.45 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.98 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.242.118 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.242.141 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.242.86 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.242.88 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.243.107 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.243.125 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.243.17 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.243.86 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.148 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.185 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.201 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.240 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.254 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.4 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.245.122 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.245.124 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.245.154 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.245.247 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.246.10 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.246.223 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.246.226 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.246.41 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.247.126 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.247.28 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.248.165 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.248.226 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.249.117 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.249.201 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.249.217 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.249.218 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.120 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.131 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.155 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.189 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.213 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.68 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.71 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.87 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.251.112 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.251.141 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.251.150 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.251.80 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.252.10 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.252.133 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.252.165 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.252.178 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.252.44 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.253.151 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.253.186 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.253.83 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.254.213 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.254.237 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.254.33 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.254.67 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.255.214 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.255.248 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.255.55 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.255.81 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.255.84 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Don't know what in the hell is going on with Bezeqint but I think I'm going to start tracking to see if I'm getting any legitimate traffic from there and if not, I'll just block their entire network as nothing good seems to be coming from them.

Monday, November 20, 2006

Abotcalypse Now

My goodness, I must be making those people that run bad bots afraid because the number of blog and comment posts decrying how I'm about to destroy the web are cropping up almost daily since my presentation at PubCon.

Assuming that the people making these posts are the same people causing the problems that drive me to the "extremes of mouth-frothing, profanity, and severe bot-blocking" you might think that they would take note that they are responsible for the bad behavior that might stop the next Google from being born.

Unfortunately I'm the "arrogant twit" as I'm so self-obsessed with my mission from hell that I'm oblivious to how my technology will wreck the net.

Riiiiiiiiiiiight.

You people running scrapers need to take stock of the damage you'll ultimately cause and stop trying to pass the blame my way.

I'm just a supplier of weapons in the war on bad bots so surrender now and save the web.

Nah, that would be too easy as they don't think they do anything wrong.

In summary, not being someone that wants to disappoint the author of that amusing post, I laughed so hard reading it because it was just too fucking funny, there's your profanity.

Enjoy.