1

Does anyone knows this unfriendly Bot coming constantly from this IP-Adress 87.210.90.16 (Amsterdam), UserAgent is 'Java/1.7.0_67' ?

It scraped our whole site without any interruption and without to pause a bit between the requests

itinance
  • 111
  • 3
  • 2
    The IP address you provided is a subscriber IP with the domain name of ip16-90-210-87.adsl2.static.versatel.nl. This is a person at home or in a small office and would not indicate valid bot activity as it normally appears. – closetnoc Feb 07 '15 at 17:39
  • thx a lot for your comment. He/she/it scraped all of our > 12000 pages very quickly – itinance Feb 07 '15 at 17:43
  • Added an answer with some data and blocking code. – closetnoc Feb 07 '15 at 18:02

2 Answers2

2

Looks like your garden variety web scraper. Some website owner who lacks ethics is scraping your website.

John Conde
  • 86,255
  • 27
  • 146
  • 241
2

The IP address you provided is a subscriber IP with the domain name of ip16-90-210-87.adsl2.static.versatel.nl. This is a person at home or in a small office and would not indicate valid bot activity as it normally appears.

Here are some of the particulars:

AS13127 - Tele 2 Nederland B.V.

IP Address Range: 87.208.0.0 - 87.215.255.255

NetMask:

  • Block: 87.208.0.0/13
  • Base Address: 87.208.0.0
  • Broadcast Address: 87.215.255.255
  • Net Mask: 255.248.0.0
  • Host Mask: 0.7.255.255
  • Bits: 13
  • Size: 524288
  • 2nd Element: 87.208.0.2

You can block using the following:

Block single IP address using .htaccess:

RewriteCond %{REMOTE_ADDR} ^87\.210\.90\.16$ [NC]
RewriteRule .* - [F,L]

It is probably better to block the entire block since this is an ADSL line and the IP address is very likely DHCP (a leased IP) and therefore may/will change with each connect which is user directed. Keep in mind that this entire IP address block is comprised of users. If you do block the entire IP block, you are blocking everyone from this ISP which may or may not be worth it. You decide.

Block IP address block using .htaccess:

RewriteCond %{REMOTE_ADDR} ^87\.(2*[0-1]*[89012345]*)\.([0-2]*[0-5]*[0-5]*)\.([0-2]*[0-5]*[0-5]*)$ [NC]
RewriteRule .* - [F,L]

Block IP address block using Cisco CLI:

access-list [your acl name] deny ip 87.208.0.0 0.7.255.255 any
permit ip any any

Block IP address block using Nginx:

Edit nginx.conf and insert include blockips.conf; if it does not exist. Edit blockips.conf and add the following:

deny 87.208.0.0/13;

** Note: Please verify the Cisco and Nginx code before using and let me know if there is a problem. I am sure it is right- but will fix immediately if not.

closetnoc
  • 32,849
  • 4
  • 45
  • 69