In just a couple of days, ZB BLOCK has denied over 1,000 bad-bot behaviors on my website. Below is a sampling of my logs as a result of having it installed...
Code:
#: 14 @: Wed, 24 Nov 2010 00:39:55 -0500
Host: ks310145.kimsufi.com
IP: 188.165.200.113
Score: 1
Why blocked: kimsufi, forum spambots. .
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FREE; .NET CLR 1.1.4322)
#: 17 @: Wed, 24 Nov 2010 00:42:16 -0500
Host: ec2-174-129-146-20.compute-1.amazonaws.com
IP: 174.129.146.20
Score: 1
Why blocked: Amazon Web Services. Not an ISP. Used by hackers, Keyword spamming SEO bots, and other unsavories. Checked for bypass.
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
#: 23 @: Wed, 24 Nov 2010 00:54:54 -0500
Host: 221.194.132.229
IP: 221.194.132.229
Score: 1
Why blocked: No registrations, or logins, from hosts listed as hostile on http://www.stopforumspam.com/ (remote). . .
Query: do=register
User Agent: Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)
#: 28 @: Wed, 24 Nov 2010 01:42:22 -0500
Host: 61.135.167.74
IP: 61.135.167.74
Score: 1
Why blocked: Your computer is infected with Trojan Downloader tencenttraveler . Go to http://www.safer-networking.org and get Spybot Search & Destroy, clean your machine, then come back.
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322;TencentTraveler)
#: 35 @: Wed, 24 Nov 2010 02:08:52 -0500
Host: 212-95-58-200.local
IP: 212.95.58.200
Score: 1
Why blocked: Ecatel/internetserviceteam.com/netdirekt e.K./NetDirect/jmhservices.com notorious forum spammers. .
Query: tag=tandem
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]
#: 47 @: Wed, 24 Nov 2010 02:30:43 -0500
Host: crawl5.dotnetdotcom.org
IP: 208.115.111.246
Score: 4
Why blocked: Dotbot - Paid Service SEO Service (Keyword Spamming Aides). SEOMOZ keyword scraper. Bad search spider. Ignores robots.txt. Offers an explosive .zip to those who try to use their services. Dotbot - Paid Service SEO Service (Keyword Spamming Aides).
Query: ?
User Agent: Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, crawler@dotnetdotcom.org)
#: 55 @: Wed, 24 Nov 2010 02:40:40 -0500
Host: ip-212-117-169-11.server.lu
IP: 212.117.169.11
Score: 1
Why blocked: Forum spamming bot, real announces as "AOL". .
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
#: 104 @: Wed, 24 Nov 2010 05:27:45 -0500
Host: serwer.exforum.pl
IP: 188.40.49.199
Score: 1
Why blocked: Referer code injection thru referer logging attempt, ++ after php, should be ? or +. .
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
#: 113 @: Wed, 24 Nov 2010 05:45:36 -0500
Host: 178.73.204.111
IP: 178.73.204.111
Score: 1
Why blocked: Windows 95 is unusable. .
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; MSIECrawler)
#: 122 @: Wed, 24 Nov 2010 07:05:02 -0500
Host: fiberlink-37-136.mioveni.rdsnet.ro
IP: 79.116.136.37
Score: 1
Why blocked: Bothost and/or Server Farm. .
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)
#: 183 @: Wed, 24 Nov 2010 11:51:53 -0500
Host: 213.186.120.196.utel.net.ua
IP: 213.186.120.196
Score: 1
Why blocked: RBN.
Query: do=markread&markreadhash=guest
User Agent: Mozilla/5.0 (compatible; SiteBot/0.1; +http://www.sitebot.org/robot/)
#: 263 @: Wed, 24 Nov 2010 15:09:09 -0500
Host: 195.162.68.27
IP: 195.162.68.27
Score: 1
Why blocked: Your computer is infected with spyware/mail.ru_agent . Go to http://www.safer-networking.org and get Spybot Search & Destroy, clean your machine, then come back. .
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.3 (build 01218); .NET CLR 1.1.4322)
#: 323 @: Wed, 24 Nov 2010 21:29:54 -0500
Host: 131.51.150.178.triolan.net
IP: 178.150.51.131
Score: 1
Why blocked: RFI attack/SQL injection (nested percents, level 1). . .
Query: f=25%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2BResult:%2B%2525E7%2525E0%2525F0%2525E5%2525E3%2525E8%2525F1%2525F2%2525F0%2525E8%2525F0%2525EE%2525E2%2525E0%2525EB%2525E8%2525F1%2525FC%2B%252528%2525E2%2525EA%2525EB%2525FE%2525F7%2525E5%2525ED%2B%2525F0%2525E5%2525E6%2525E8%2525EC%2B%2525F2%2525EE%2525EB%2525FC%2525EA%2525EE%2B%2525F0%2525E5%2525E3%2525E8%2525F1%2525F2%2525F0%2525E0%2525F6%2525E8%2525E8%252529%253b
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.0 Beta 1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
#: 350 @: Wed, 24 Nov 2010 23:15:08 -0500
Host: dsl212-235-107-31.bb.netvision.net.il
IP: 212.235.107.31
Score: 2
Why blocked: ISP with a filthy reputation. netvision.net.il (filthy reputation ISP). .
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; APC; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50215; InfoPath.1)
#: 574 @: Thu, 25 Nov 2010 16:21:39 -0500
Host: 179.200-62-69.ftth.dyn.surewest.net
IP: 69.62.200.179
Score: 1
Why blocked: Windows 95 is unusable. .
Query: dest=aHR0cDovL3ZpenJ0c2VydmVyLzo0MDgwL25vbmF1dGgvZGVueS5waHA/ZGVzdD1hSFIwY0RvdkwzWnBlbkowYzJWeWRtVnlMem8wTURnd0wyNXZibUYxZEdndlpHVnVlUzV3YUhBL1pHVnpkRDFoU0ZJd1kwUnZka3d6WkROa2VUVjVXbGRPTVdKWFNteGlibEo1WVZkU2JHTnVUWFZpTTBwdVRESmFkbU51Vm5SamVUbDZZVWM1TTJSSGFIbGFWMFpyVEc1Q2IyTkVPVEJRVkdONlRVRTlQU1pKUkQxTlZGRm5UbWM5UFNaRVFrdzkmSUQ9TVRRZ05nPT0mREJMPQ==&ID=MTQgNg==&DBL=
User Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; MSIECrawler)
#: 587 @: Thu, 25 Nov 2010 16:37:01 -0500
Host: 91-40-134-95.pool.ukrtel.net
IP: 95.134.40.91
Score: 4
Why blocked: Robot Probe. ukrtel, forum spambots. Filthy Russian Netblock. HTTP_REFERER pollution of serverlogs with spam ad word porn, we don't link from there.
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Deepnet Explorer 1.5.0; .NET CLR 1.0.3705)
#: 736 @: Fri, 26 Nov 2010 07:19:41 -0500
Host: 88.81.88.18
IP: 88.81.88.18
Score: 1
Why blocked: Referer code injection thru referer logging attempt, ++ after php, should be ? or +. .
Query:
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)
#: 863 @: Fri, 26 Nov 2010 13:20:06 -0500
Host: dynamic-adsl-62-10-64-128.clienti.tiscali.it
IP: 62.10.64.128
Score: 1
Why blocked: tiscali, constant source of forum spam attempts.
Query: t=1122
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729)
#: 1026 @: Sat, 27 Nov 2010 04:57:09 -0500
Host: comyoucom.net
IP: 109.169.41.22
Score: 7
Why blocked: g Rapidswitch, dangerous network. POST cloaking attempt POST-17. POST print attempt POST-19. POST RFI attempt POST-28. POST username forcing attempt POST-29. POST execution wedge via bbcode POST-31.0. POST execution wedge via bbcode POST-32.
Query:
User Agent: Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)