Blocking the Idaho SolutionPro crawler




My server is being attacked by crawlers coming from Idaho in the US. They are known as the Idaho crawlers. The IPs belong to a provider called SolutionPro.

So far I have collected a few IPs to blacklist. This crawler changes its IP and its user agent. Here is a list of IPs to blacklist in .htaccess:

deny from 206.80.96
deny from 206.207.64
deny from 207.70.0
deny from 207.70.3
deny from 209.19.128
deny from 209.19.1.91
deny from 209.19.101.99
deny from 209.19.114.90
deny from 209.19.13.84
deny from 209.19.138.101
deny from 209.19.138.103
deny from 209.19.138.104
deny from 209.19.138.105
deny from 209.19.138.106
deny from 209.19.138.107
deny from 209.19.141.4
deny from 209.19.146.66
deny from 209.19.147.22
deny from 209.19.151.211
deny from 209.19.152.66
deny from 209.19.152.67
deny from 209.19.152.68
deny from 209.19.152.69
deny from 209.19.152.70
deny from 209.19.152.71
deny from 209.19.152.72
deny from 209.19.152.73
deny from 209.19.152.75
deny from 209.19.152.76
deny from 209.19.152.77
deny from 69.5.238.177
deny from 209.19.152.76
deny from 207.70.25.61
deny from 209.19.170.60
deny from 206.207.80.172
deny from 206.207.80.165
deny from 206.80.115.126
deny from 209.19.191.166
deny from 206.207.116.61
deny from 209.19.170.56
deny from 209.19.138.108
deny from 209.19.189.166
deny from 206.80.118.124
deny from 209.19.179.10
deny from 209.19.138.101
deny from 209.19.170.62
#Ispped Idaho crawler
deny from 69.5.103.38
deny from 69.5.104.159
deny from 69.5.104.211
deny from 69.5.104.223
deny from 69.5.104.54
deny from 69.5.105.103
deny from 69.5.105.107
deny from 69.5.105.159
deny from 69.5.105.178
deny from 69.5.105.190
deny from 69.5.105.246
deny from 69.5.105.248
deny from 69.5.107.110
deny from 69.5.107.40
deny from 69.5.107.51
deny from 69.5.108.123
deny from 69.5.108.125
deny from 69.5.108.167
deny from 69.5.108.23
deny from 69.5.108.233
deny from 69.5.108.36
deny from 69.5.108.54
deny from 69.5.108.65
deny from 69.5.110.183
deny from 69.5.110.236
#

Policy ID: POL5014
Name: SolutionPro
Policy Type: Black List
(CIDR IP Ranges blocked for various offenses or bad behavior. See description below.)
Activity Type(s): content_scraper
Description: SolutionPro attack ranges. Solution Pro is a co-location hosting, which means that any company wanting to "hide" could theoretically stick a server or two in their data-center, and thereby get to run behind other IP ranges.

Hard-hitting crawlers scraping sites with NO pause at all. Arriving from many SolutionPro IPs and multiple ranges at the same time. Pretending to be a human running old MSIE 6.

Since similar Agent String and pattern arrive from other locations, I am hoping this is merely an indication of infected hosts and a botnet calling the shots.

It is, however, kind of suspicious that Solution Pro is also located in Boise Idaho, where a large block of other Mark Scanners send off their bots, using shells. It would be very easy for them to stick a server or two in a local CoLocation spot and continue pushing.

IP Range(s) Black or White listed
CIDR Range        Range Start    Range End        Comment
207.70.0.0/18     207.70.0.0     207.70.63.255
209.19.128.0/18   209.19.128.0   209.19.191.255
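
The script below is an added example, not part of the original post: it checks which `deny from` entries are already covered by the two CIDR ranges in the policy table and produces a shorter rule list in the same `deny from` syntax. The function names `parse_deny` and `consolidate` are hypothetical, and the sample is a handful of entries taken from the list above, with one repeated.

```python
import ipaddress

# The two CIDR ranges listed in the policy table above.
POLICY_RANGES = [ipaddress.ip_network(c) for c in ("207.70.0.0/18", "209.19.128.0/18")]

# Constructed sample: a few entries taken from the list above, one repeated.
SAMPLE = """\
deny from 207.70.0
deny from 209.19.128
deny from 209.19.1.91
deny from 209.19.152.76
deny from 69.5.238.177
deny from 209.19.152.76
#
deny from 207.70.25.61
"""

def parse_deny(line):
    """Return the network matched by one 'deny from' line, or None for any other line."""
    parts = line.split()
    if len(parts) != 3 or [p.lower() for p in parts[:2]] != ["deny", "from"]:
        return None
    spec = parts[2]
    try:
        if "/" in spec:
            return ipaddress.ip_network(spec, strict=False)
        octets = [o for o in spec.split(".") if o]
        if not 1 <= len(octets) <= 4:
            return None
        # Apache treats 1 to 3 leading octets as a prefix: 209.19.128 -> 209.19.128.0/24
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    except ValueError:
        return None  # hostnames and malformed entries are skipped

def consolidate(text, ranges=POLICY_RANGES):
    """Return (entries already covered by `ranges`, minimal 'deny from' rule list)."""
    nets = {n for n in map(parse_deny, text.splitlines()) if n is not None}
    covered = sorted(n for n in nets if any(n.subnet_of(r) for r in ranges))
    rest = ipaddress.collapse_addresses(nets - set(covered))
    fmt = lambda n: str(n.network_address) if n.prefixlen == 32 else str(n)
    return covered, [f"deny from {fmt(n)}" for n in [*ranges, *rest]]

if __name__ == "__main__":
    covered, rules = consolidate(SAMPLE)
    print(f"{len(covered)} entries already fall inside the policy ranges")
    print("\n".join(rules))
```

Entries such as 209.19.1.91 sit outside 209.19.128.0/18, so they remain as individual rules after consolidation.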




