April 12th, 2007
Psycheclone is a web bot used for harvesting e-mail addresses. It started to appear in web logs around June 2006. On one occasion, it accessed a blog 800 times, trying to look for additional links for e-mail harvesting.
In September/October 2006, many spam mails originating from this harvesting were seen. The harvesters hit some spamtraps that encode the IP address and time in the e-mail address, like: 270706.073424.208.66.195.4 @ domain, where the first part is the date and time in European format and the second is the IP address the HTTP request came from, thus proving the e-mail harvesting activities. These spam mails are sent from a large botnet, probably of infected/trojanized end-user computers. They do not originate from the original IP addresses used for harvesting.
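The spamtrap encoding described above can be decoded and matched against a web server's access log to find the exact request that harvested the address. This is an added example, not code from the original page; the log lines are constructed, and it assumes the trap timestamp and the log share one time zone.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Range the page attributes to the harvester's operator.
HARVESTER_NET = ipaddress.ip_network("208.66.195.0/27")

# Apache combined log format: host, [time], "request", status, bytes, "referer", "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" \d{3} \S+ "[^"]*" "([^"]*)"')

def decode_trap(address):
    """Split 'DDMMYY.HHMMSS.a.b.c.d@domain' into (datetime, IPv4Address)."""
    local = address.split("@", 1)[0].strip()
    parts = local.split(".")
    if len(parts) != 6:
        raise ValueError("not a trap address: %r" % address)
    when = datetime.strptime(parts[0] + "." + parts[1], "%d%m%y.%H%M%S")
    return when, ipaddress.IPv4Address(".".join(parts[2:]))

def find_harvest_request(address, log_lines, window=timedelta(seconds=5)):
    """Return (host, time, request, user_agent) for log hits matching the trap."""
    when, ip = decode_trap(address)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        host, stamp, request, agent = m.groups()
        seen = datetime.strptime(stamp.split()[0], "%d/%b/%Y:%H:%M:%S")
        if host == str(ip) and abs(seen - when) <= window:
            hits.append((host, seen, request, agent))
    return hits

# Constructed log lines; only the trap address itself comes from the page.
SAMPLE_LOG = [
    '208.66.195.4 - - [27/Jul/2006:07:34:24 +0200] "GET /contact.html HTTP/1.1" 200 5120 "-" "psycheclone"',
    '208.66.195.4 - - [27/Jul/2006:09:10:00 +0200] "GET /about.html HTTP/1.1" 200 2048 "-" "psycheclone"',
    '192.0.2.10 - - [27/Jul/2006:07:34:24 +0200] "GET /contact.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    trap = "270706.073424.208.66.195.4 @ domain"
    when, ip = decode_trap(trap)
    print(when, ip, "in operator range:", ip in HARVESTER_NET)
    for hit in find_harvest_request(trap, SAMPLE_LOG):
        print(hit)
```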
The content of those spam mails consists of a useless text part and a GIF image of so-called ‘Stock Trade Spam’ advertising a company named TransAKT Ltd.
According to McColo, the contract with Digital Infinity corp (operating 208.66.195.0/27) has been terminated recently, and they no longer show up in the ARIN registry.
The bot seems to come from several IP addresses:
Records from ARIN reveal that this web bot is owned by a company called Digital Infinity Ltd located in Moscow, Russia. The mailing address is listed as: Ostrovityanova str, 14, 200, Moscow, Russia. Their German phone numbers (on public record) are Phone +495.9806635, Fax +495.9806635. The name of the owner of Digital Infinity Ltd is “Elena Balkina”.
Elena Balkina has been connected to spam before with linalinks.com. Please note the current owner of linalinks.com is no longer this person or her company. Elena’s company has been used to send spam for online pharmacies.
Posted in Uncategorized | No Comments »
April 12th, 2007
#1 | 06-28-2006, 08:12 AM | Junior Member | Join Date: Jun 2006 | Posts: 9
Psycheclone
I checked my access logs from yesterday and an “entity” called psycheclone visited nearly every page at my site. What is “psycheclone” and what is its purpose? Good or evil? At first I thought it might be a searchbot but could be mistaken.
If this is something I do not want around how do I prevent it from entering my site? Has this happened to anyone else?

#2 | 06-28-2006, 08:31 AM | Moderator | Join Date: Feb 2006 | Location: Somewhere where I don’t know where I am | Posts: 1,253
Yeah I’d block all of those stupid bots. I sure do.
Add this to your .htaccess file
Code:
SetEnvIfNoCase User-Agent "psycheclone" bad_bot
Deny from env=bad_bot
Also some others you may want to block as well
Code:
SetEnvIfNoCase User-Agent "SurveyBot/2.3" bad_bot
SetEnvIfNoCase User-Agent "ia_archiver" bad_bot
SetEnvIfNoCase User-Agent "SBIder/0.8-dev" bad_bot
SetEnvIfNoCase User-Agent "Mozilla/1.0" bad_bot
SetEnvIfNoCase User-Agent "Mozilla/2.0" bad_bot
SetEnvIfNoCase User-Agent "Mozilla/3.0" bad_bot
SetEnvIfNoCase User-Agent "aipbot/1.0" bad_bot
Deny from env=bad_bot
Also take a look at http://www.bluehostforums.com/showthread.php?t=647
This was an older way of doing the bot blocking, but I changed the format a bit. On that thread there are a lot more bots you can block.

#3 | 07-01-2006, 08:34 PM | Junior Member | Join Date: Jun 2006 | Posts: 9
Quote:
| Add this to your .htaccess file
Code:
SetEnvIfNoCase User-Agent "psycheclone" bad_bot
Deny from env=bad_bot |
This is excellent advice but the problem is that I am a novice and do not know where my .htaccess file is and how to add the code to it. Hope I do not come across as dense but I am still in a steep upward learning curve process.
The reason I am asking is that the psycheclone bot returned this afternoon and again visited most of my pages- and used up a ton of bandwidth in the process. I was hoping the thing would just go away…
Thanks for your help,
Andy

#4 | 07-01-2006, 09:45 PM | Senior Member | Join Date: Mar 2006 | Location: Tulsa | Posts: 123
Quote:
| Originally Posted by some guy from mars
This is excellent advice but the problem is that I am a novice and do not know where my .htaccess file is and how to add the code to it. Hope I do not come across as dense but I am still in a steep upward learning curve process.
|
Your .htaccess file resides in your public_html (or root) folder. I don’t exactly recall but I think I had to make mine, then again it could have been there and I just added to it. My memory is fuzzy on that.
Quote:
| The reason I am asking is that the psycheclone bot returned this afternoon and again visited most of my pages- and used up a ton of bandwidth in the process. I was hoping the thing would just go away…
Thanks for your help,
Andy |
It’s not going to go away, once bots hit your site they tend to keep coming back until you block them. Either add that bit of code to your .htaccess file or block the IP in your IP deny manager in Cpanel. Either way you need to stop this bot. According to dvessel (read more here) it’s a mail spam bot.

#5 | 07-06-2006, 11:38 PM | Junior Member | Join Date: Jun 2006 | Posts: 13
From the cPanel use the File Manager link to go to (not surprisingly) the online File Manager for your account. Go into the public_html directory and create the .htaccess file then edit the file and drop in the text listed. Save and all is done.
If you have subdomain or other domains then also create a .htaccess in each “root” directory for the domain.

#6 | 07-07-2006, 11:14 AM | Junior Member | Join Date: Apr 2006 | Location: North of Nottingham UK | Posts: 24
Some sound advice there..
I’ll be doing the same job on my site - TONIGHT!!!
Thanks people.
Nick.
April 12th, 2007
Over the past few days, a web bot has been running all over the web trying to harvest e-mail addresses for spam. It follows links to find new servers to hit, and it continues to gather e-mails at an astounding rate. On my web site alone, it’s had 880 hits. Maybe it couldn’t find things the first time? Who knows. Here’s some IP address info on this bot:
How to block this from your site using .htaccess:
<Limit GET POST>
order allow,deny
allow from all
deny from 208.66.195.0/28
</Limit>
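Both blocking approaches on this page, the User-Agent rule from the forum thread and the address rule above, can be checked against sample requests before they go into .htaccess. The following is an added Python model, not code from the original posts; it assumes both rule sets sit in one .htaccess and that requests are GET or POST, and the address 208.66.195.20, the 192.0.2.x addresses and the User-Agent strings are constructed samples.

```python
import ipaddress
import re

# User-Agent patterns from the forum post. Apache treats each one as an
# unanchored regular expression and SetEnvIfNoCase ignores case.
BAD_BOT_PATTERNS = ["psycheclone", "SurveyBot/2.3", "ia_archiver", "SBIder/0.8-dev",
                    "Mozilla/1.0", "Mozilla/2.0", "Mozilla/3.0", "aipbot/1.0"]
DENY_NET = ipaddress.ip_network("208.66.195.0/28")      # "deny from" rule above
OPERATOR_NET = ipaddress.ip_network("208.66.195.0/27")  # operator range named on the page

def decide(ip, user_agent):
    """Return (allowed, reason) for one request under both rule sets."""
    for pattern in BAD_BOT_PATTERNS:
        if re.search(pattern, user_agent, re.IGNORECASE):
            return False, "User-Agent matches " + pattern
    if ipaddress.ip_address(ip) in DENY_NET:
        return False, "address in " + str(DENY_NET)
    return True, "no rule matched"

def uncovered(deny_net, wanted_net):
    """Return the parts of wanted_net that deny_net does not block."""
    if wanted_net.subnet_of(deny_net):
        return []
    if deny_net.subnet_of(wanted_net):
        return list(wanted_net.address_exclude(deny_net))
    return [wanted_net]  # the two ranges do not overlap at all

# Constructed requests: (source address, User-Agent header)
SAMPLES = [
    ("208.66.195.4", "psycheclone"),                         # caught by the User-Agent rule
    ("208.66.195.4", "Mozilla/4.0 (compatible; MSIE 6.0)"),  # caught only by the address rule
    ("208.66.195.20", "Mozilla/4.0 (compatible; MSIE 6.0)"), # in the /27 but outside the /28
    ("192.0.2.8", "Mozilla/3.01 (Win95; I)"),                # old browser hit by "Mozilla/3.0"
]

if __name__ == "__main__":
    for ip, agent in SAMPLES:
        print(ip, repr(agent), decide(ip, agent))
    print("not covered by the deny rule:", uncovered(DENY_NET, OPERATOR_NET))
```

The last line of output shows that a /28 deny rule leaves the upper half of the /27 attributed to the operator unblocked, so the address rule is worth widening if requests appear from that half.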
Research on ARIN reveals that this web bot is owned by a company called Digital Infinity Ltd located in Moscow, Russia. The mailing address is listed as: Ostrovityanova str, 14, 200, Moscow, Russia.
If you would like to kindly tell them to stop harassing the Internet, you can call them at these “supposed” numbers: Phone +495.9806635, Fax +495.9806635. The owner’s name is “Elena Balkina”, and she has been connected to spam before with linalinks.com. Please note the current owner of linalinks.com is no longer this person or her company. Elena’s company has been used to send spam for online pharmacies and who knows what else.
April 12th, 2007
Not all that many 
Most are confined to the D Class.
McColo Corporation HURRICANE-CE1548-0922 (NET-64-62-243-0-1) 64.62.243.0 - 64.62.243.63
McColo Corporation HURRICANE-CE1548-0925 (NET-64-71-133-128-1) 64.71.133.128 - 64.71.133.191
McColo Corporation MCCOLO (NET-208-66-192-0-1) 208.66.192.0 - 208.66.195.255
McColo Corporation HURRICANE-CE1548-0927 (NET-64-62-228-0-1) 64.62.228.0 - 64.62.228.255
McColo Corporation HURRICANE-CE1548-0922 (NET-64-71-159-192-1) 64.71.159.192 - 64.71.159.223
McColo Corporation HURRICANE-CE1548-0924 (NET-64-71-177-0-1) 64.71.177.0 - 64.71.177.127
McColo Corporation HURRICANE-CE1548-0923 (NET-64-71-167-0-1) 64.71.167.0 - 64.71.167.127
McColo Corporation HURRICANE-CE1548-0921 (NET-64-62-198-128-1) 64.62.198.128 - 64.62.198.191
McColo Corporation HURRICANE-CE1548-0926 (NET-65-19-154-0-1) 65.19.154.0 - 65.19.154.127
McColo Corporation HURRICANE-CE1548-0920 (NET-64-62-171-128-1) 64.62.171.128 - 64.62.171.255
| On a side note, 2 nights ago I posted a new topic here titled snapbot and psycheclone checking to see if anyone else had heard of these, but it never showed up in the forums. Do I have to participate up to a certain number of posts before forums that are premoderated will look at my submissions? |
ALL new threads are moderated and await Dan’s approval.
On occasion if there are multiple submissions, he just passes one through (no need for duplication [or more]).
| I have been trying to make one but only to find that no one could go on the site (not even me) If there is anyone that would be willing to show me how to make a htaccess file so I can block the "badbots" |
GMax,
It’s customary and beneficial if you both make some kind of effort at creating your own htaccess and then provide what you created seeking help.
The reason for your error (500) or denial to all (yourself included) is that you have a syntax error.
The Cpanel on your website access should have an option for making some additions to your active htaccess. (My host names it “IP Deny Manager”.)
Here are some helpful web pages
This site will create an htaccess based on IP:
http://www.htaccesstools.com/block-ips/
The simplest tutorials
http://www.edginet.org/techie/website/htaccess.html
http://www.webhelpinghand.com/htaccess_deny.htm
http://www.javascriptkit.com/howto/htaccess.shtml
More complicated explanations
http://evolt.org/article/A_Cheesy_htaccess_Tutorial/18/226/evolt.org
http://baremetal.com/gadgets/htaccess/
http://www.dimi.uniud.it/labs/documentazione/roxen/parsed/Challenger1.2/User/htaccess/htaccess.html