Comments on: 12.163.72.13/Fetch API http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/ writes about tech, faith and whatever Tue, 06 Jan 2009 01:28:13 +0000 http://wordpress.org/?v=2.6.2 By: spocko http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-286 spocko Mon, 14 Mar 2005 22:05:25 +0000 http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-286 Hey thanks for looking this up. I've been getting hit from 12.163.72.13 as well. I'd like to think it is because I have such a lot of traffic (12 readers!) but it might just be that my blog was listed on a few other blogs with much higher traffic rates. I went to ARIN to see if there was any name associated with this number it just said it was an AT&T net account. AT&T WorldNet Services ATTSVCM-12-163-72-0 (NET-12-163-72-0-1) 12.163.72.0 - 12.163.79.255 Hey thanks for looking this up. I’ve been getting hit from 12.163.72.13 as well. I’d like to think it is because I have such a lot of traffic (12 readers!) but it might just be that my blog was listed on a few other blogs with much higher traffic rates.

I went to ARIN to see if there was any name associated with this number it just said it was an AT&T net account.

AT&T WorldNet Services ATTSVCM-12-163-72-0 (NET-12-163-72-0-1)
12.163.72.0 - 12.163.79.255

]]> By: Laura-Ann http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-285 Laura-Ann Fri, 11 Mar 2005 08:11:15 +0000 http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-285 I just came across this post while searching for that particular IP address. It's started appearing a lot on my logs, and it's bothering me as the address goes nowhere. Interesting to find someone else who mentions it as until now, I'd been at a loss about it. Spam and referrers are getting totally out of hand on my weblog. :) I just came across this post while searching for that particular IP address. It’s started appearing a lot on my logs, and it’s bothering me as the address goes nowhere.

Interesting to find someone else who mentions it as until now, I’d been at a loss about it. Spam and referrers are getting totally out of hand on my weblog.
:)

]]> By: Tom Raftery http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-284 Tom Raftery Wed, 02 Feb 2005 09:27:32 +0000 http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-284 Hi Ann, I have added the following code to my .htaccess file: RewriteCond %{REMOTE_ADDR} ^12\.163\.72\.13$ RewriteRule .* - [F,L] and it appears to have killed off accesses from this ip address. Hope this helps, Tom Hi Ann,

I have added the following code to my .htaccess file:

RewriteCond %{REMOTE_ADDR} ^12\.163\.72\.13$

RewriteRule .* - [F,L]

and it appears to have killed off accesses from this ip address.

Hope this helps,

Tom

]]> By: Ann Elisabeth http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-283 Ann Elisabeth Fri, 28 Jan 2005 10:23:58 +0000 http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-283 Will: Until I have seen examples of comments left with that referrer, I'm not willing to concede that this spammer is the same as theone leaving those tecrep spams. That's the Bulgarian spamming outfit. What I've found, is that normally, those are the most prolific, while the other spammers (on my blog) are less insistent. Will: Until I have seen examples of comments left with that referrer, I’m not willing to concede that this spammer is the same as theone leaving those tecrep spams. That’s the Bulgarian spamming outfit.

What I’ve found, is that normally, those are the most prolific, while the other spammers (on my blog) are less insistent.

]]> By: Will http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-282 Will Fri, 28 Jan 2005 03:16:26 +0000 http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-282 Ann, although they did start to disappear after awhile, I noticed that immediately after my block, they were still requesting for pages on my blog as though nothing at all was wrong. Though server keeps responding to their request with either a page not found, or a forbidden status code (404 or 403). After that, I had one more instance of comment spam on my blog and it all came from a user who had a UserAgent which contained the word: PCUser Also, with regards to the 12.163.72.13 address as a referrer. I've started to notice that there are IP addresses who have come sometimes from that address, and sometimes off another URL, which always contains the words "tecrep-inc.net". Or rather, they are using subdomains off that tecrep-inc.net domain. (eg: something.tecrep-inc.net) This proves that they are probably starting to evolve right now. Ann, although they did start to disappear after awhile, I noticed that immediately after my block, they were still requesting for pages on my blog as though nothing at all was wrong. Though server keeps responding to their request with either a page not found, or a forbidden status code (404 or 403).

After that, I had one more instance of comment spam on my blog and it all came from a user who had a UserAgent which contained the word: PCUser

Also, with regards to the 12.163.72.13 address as a referrer. I’ve started to notice that there are IP addresses who have come sometimes from that address, and sometimes off another URL, which always contains the words “tecrep-inc.net”.

Or rather, they are using subdomains off that tecrep-inc.net domain. (eg: something.tecrep-inc.net)

This proves that they are probably starting to evolve right now.

]]> By: cindy http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-281 cindy Fri, 28 Jan 2005 03:06:07 +0000 http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-281 I'll email you some more info on the spammer. I’ll email you some more info on the spammer.

]]> By: S-PAN http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-280 S-PAN Fri, 28 Jan 2005 01:07:22 +0000 http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-280 That one address I spoke of points back to: inetnum: 195.229.185.160 - 195.229.185.191 netname: DUBAL-EMIRNET descr: Dubal Aluminium Compnay descr: P.O. Box 3627, Dubai, UAE country: AE That one address I spoke of points back to:

inetnum: 195.229.185.160 - 195.229.185.191
netname: DUBAL-EMIRNET
descr: Dubal Aluminium Compnay
descr: P.O. Box 3627, Dubai, UAE
country: AE

]]> By: S-PAN http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-279 S-PAN Fri, 28 Jan 2005 01:05:04 +0000 http://www.annelisabeth.com/blog/2005/01/28/121637213fetch-api/#comment-279 I have this blocked for some reason... I often get these types of bots that access one page over and over for a period of time. No referrer at all. My latest one was at address 195.229.185.188. Just keeps hitting the same article. If your are curious... Here is my block list: deny from 12.119.251.194 deny from 12.163.72.13 deny from 64.42.84.222 deny from 64.40.102.41 deny from 64.234.220.141 deny from 65.75.134.180 deny from 65.110.62.100 deny from 65.16.29.72 deny from 66.154.52.84 deny from 66.154.7.47 deny from 66.230.165.43 deny from 67.18.52.66 deny from 67.19.111.242 deny from 69.50.163.50 deny from 69.50.160.0/19 deny from 69.50.166.18 deny from 69.50.170.122 deny from 69.50.191.27 deny from 69.93.255.211 deny from 80.58.2.235 deny from 80.202.225.70 deny from 80.202.228.62 deny from 80.203.53.240 deny from 80.202.225.5 deny from 80.202.227.69 deny from 81.31.38.25 deny from 81.38.38.4 deny from 82.194.62.16 deny from 82.194.62.17 deny from 82.201.187.136 deny from 148.223.48.226 deny from 161.58.59.8 deny from 195.229.185.188 deny from 205.209.177.70 deny from 208.53.138.124 deny from 208.63.116.194 deny from 213.172.36.62 deny from 213.10.206.246 deny from 216.185.111.40 deny from 217.57.78.70 deny from 217.160.161.6 deny from 219.150.118.16 I have this blocked for some reason… I often get these types of bots that access one page over and over for a period of time. No referrer at all. My latest one was at address 195.229.185.188. Just keeps hitting the same article.

If your are curious… Here is my block list:

deny from 12.119.251.194
deny from 12.163.72.13
deny from 64.42.84.222
deny from 64.40.102.41
deny from 64.234.220.141
deny from 65.75.134.180
deny from 65.110.62.100
deny from 65.16.29.72
deny from 66.154.52.84
deny from 66.154.7.47
deny from 66.230.165.43
deny from 67.18.52.66
deny from 67.19.111.242
deny from 69.50.163.50
deny from 69.50.160.0/19
deny from 69.50.166.18
deny from 69.50.170.122
deny from 69.50.191.27
deny from 69.93.255.211
deny from 80.58.2.235
deny from 80.202.225.70
deny from 80.202.228.62
deny from 80.203.53.240
deny from 80.202.225.5
deny from 80.202.227.69
deny from 81.31.38.25
deny from 81.38.38.4
deny from 82.194.62.16
deny from 82.194.62.17
deny from 82.201.187.136
deny from 148.223.48.226
deny from 161.58.59.8
deny from 195.229.185.188
deny from 205.209.177.70
deny from 208.53.138.124
deny from 208.63.116.194
deny from 213.172.36.62
deny from 213.10.206.246
deny from 216.185.111.40
deny from 217.57.78.70
deny from 217.160.161.6
deny from 219.150.118.16

]]>