Web Hosting Talk : Web Hosting Main Forums : Web Hosting : Multiple visits (hourly) from hostitcheap.com

[Cuddles]

I know this has been mentioned before in other threads, but I never found a definite solution...

We've been back up and running for just about 5 hours now, and I've already seen 60 hits from hostitcheap.com in my referer log. They're blocked in my .htaccess file (had to search and search to get definite IP addresses on them), but they're still showing up!

Is there ANY way to block them? They don't follow robots.txt either, btw.

[Bling Bling]

I emailed them and showed them all the info from one of my logs a while back and they said that its there users who run search bots from there hosting accounts that cause that.Sounds like BS to me.

[CrazyTech]

Strange, sounds like these guys have some problems.

[Cuddles]

Well, I've tried everything I can to block them, and they're STILL coming in. As of 2 minutes ago, 68 hits just from them. And it's obvious that they're doing it from somewhere other than the server their pages are hosted on, because I've got those IPs blocked.

[Coach]

First off, good to see another Kentucky web presence.

In regards to your solution for this problem, have you asked your host if they could drop that IP address for that site into IPTables? That would definitely block access.

[Cuddles]

Working on it now Coach. Thanks for the idea. If it doesn't work, what would you suggest next? Tried emailing them, and big suprise, it bounced. Tried emailing their upstream provider, and IT bounced too... Definitely something fishy going on.

BTW: What part of Kentucky are you in? Southeast here. (near the big chemical spill)

[akashik]

weird. I was checking the logs of a customer account yesterday and saw that domain showing up. Any idea what these guys are up to?

[Coach]

I'm right outside Lexington.

Outside dropping them in IPTables, I would bypass contacting the company and go straight to their upstream provider if they weren't being responsive to my requests. Contacting a company's upstream provider generally will get their attention. I emailed them a test message and it did not bounce.

ipadmin@intellispace.net
abuse@intellispace.net

[Cuddles]

Well, I just received an email from "security@intellispace.net" about this, and it looks like they've changed their excuse. It's not a client of theirs running a script anymore. It's someone on their dialup doing it. But for some reason, they can't stop him/her/it!

Quote:

To all: regarding spam "sent" from
"sandiego-ppp707.dial34.intellispace.net",
Please be assured that although we are aware of this individuals
presence, they do not infact utilize IntelliSpace services directly nor
indirectly.
They are forging thier mail headers to appear to reside on Intellispace's
network. If you would like to put an end to mail from this sender please
contact the administrators of the mailservers accepting the senders
unauthorised(?) mail relays to further obscure thier identity. Also feel
free to reference this to the FTC where there is an investigation
currently pending.

I thank you in advance for your assistance and understanding in this
matter.

Yours truly,
Intellispace Security

[Coach]

Quote:

Originally posted by akashik
weird. I was checking the logs of a customer account yesterday and saw that domain showing up. Any idea what these guys are up to?

I wouldn't doubt it if this were a spam-bot/email harvester. I haven't seen it personally, but that is what it sounds like to me. Usually bad bots will ignore your robots.txt file.

You could have a little fun with them by checking this out (courtesy of dixiesys.com)

http://www.emailharvest.com/

[Cuddles]

I emailed admin@intellispace.net and abuse@intellispace.net. The admin account bounced immediately.

[Coach]

Quote:

Originally posted by Cuddles
Well, I just received an email from "security@intellispace.net" about this, and it looks like they've changed their excuse. It's not a client of theirs running a script anymore. It's someone on their dialup doing it. But for some reason, they can't stop him/her/it!

That's an auto-responder regarding a spammer forging headers that they've gotten a lot of complaints about I'm sure and most likely a seperate issue with them.

No host can do anything about forged headers. It's something spammers do to try to cover their tracks.

[nuthin]

akashik: i'm pretty sure there "log spamming" .
its been around for a while, alot of porn websites have and continue to still do it.
basically their site address link will come up as a "refferer", and its highly unlikely they wouldve linked to your website.
so their spamming .
seen it on quite a few sites i monitor, now and in the past.

[AHFBWEB]

nuthin is correct, this is being pushed as the newest "viral" marketing tool. Based on the (correct) assumption that folks want to see what pages link to them, they are assured a very large percentage of clickthrus. Of course you will never find your URL on the page, regardless, many will still think they actually have a link on the page and will eventually follow the human instinct of doing business with those that send us business.

Dave

[coight]

Same here, we have quite a few from that domain. I thought it was just us.