ExtortionLetterInfo Forums

ELI Forums => Getty Images Letter Forum => Topic started by: lucia on December 20, 2011, 04:33:49 PM

Title: bzq-109-66-7-15.red.bezeqint.net Hammering site
Post by: lucia on December 20, 2011, 04:33:49 PM

As some of you are aware, bezeqint.net is rumored to be the site from which picscout operates. Today, my site went down owing to high traffic resulting in excess memory usages. When I investigated my logs, the site has been hammered by bezequint.  The user agent is Java/1.6.0_25-- not picscout. 

We had a discussion previously about companies trying to gain access to sites by spoofing useragents.  Did the legal eagles every figure out the legal issues involved? Because this is a lot of hits from bezequint.

Title: Re: bzq-109-66-7-15.red.bezeqint.net Hammering site
Post by: Robert Krausankas (BuddhaPi) on December 20, 2011, 04:41:06 PM

the main issue would be the fact that they are not in the US, I'm fairly certain if they were here, they would be in a heap of trouble.

Title: Re: bzq-109-66-7-15.red.bezeqint.net Hammering site
Post by: Lettered on December 20, 2011, 04:55:07 PM

Came across this today.  I doubt it does any good, but it made me smile :) .

http://dcdirectactionnews.wordpress.com/legal-notice-to-getty-images-scanning-robot-picscout-is-not-authorized-to-access-this-site/

Title: Re: bzq-109-66-7-15.red.bezeqint.net Hammering site
Post by: Robert Krausankas (BuddhaPi) on December 20, 2011, 04:59:21 PM

Pretty amusing, I've seen them on several sites, I suppose one could argue that if you have this on your site and get a letter from getty, you might have a case against them..whether it would stand a chance is beyond me.. I real curious as to what their reaction would be if someone were to throw this back at them, my guess it's not written in the "script" anywhere.

Title: Re: bzq-109-66-7-15.red.bezeqint.net Hammering site
Post by: lucia on December 21, 2011, 06:31:30 PM

One of my blog readers sent me to a page that provides all the IP's for BEZEQ

http://www.robtex.com/as/as8551.html?tab=bgp

He asked me if .htaccess can block by CIDR ranges. I said yes, but I was clueless about how to create a list. So... HE is going to provide me the correct CIDR ranges. After that, I'll post the block for those who want to use it. 

I'll look for more... :)

Title: Re: bzq-109-66-7-15.red.bezeqint.net Hammering site
Post by: lucia on December 21, 2011, 07:02:30 PM

Evidently, if you wish to block bezeqint either because they hammer your site, because you want to keep picscout (rumored to rove from bezeqint) off or for any other reason, you want to add these deny's to your .htaccess:

deny from 31.168.0.0/16
deny from 62.219.0.0/16
deny from 79.176.0.0/13
deny from 80.74.96.0/20
deny from 81.218.0.0/16
deny from 82.80.0.0/15
deny from 84.108.0.0/14
deny from 85.114.96.0/21
deny from 85.130.128.0/17
deny from 91.192.200.0/22
deny from 109.64.0.0/14
deny from 192.114.11.0/24
deny from 192.114.12.0/22
deny from 192.114.16.0/20
deny from 192.114.32.0/19
deny from 192.114.64.0/18
deny from 192.114.128.0/17
deny from 192.115.0.0/16
deny from 192.116.0.0/15
deny from 192.118.0.0/16
deny from 212.25.64.0/18
deny from 212.179.0.0/16

After getting hammered yesterday, I'm adding these.