Oct 10, 2006

xbox.dedi.inhoster.com / xbox.inhoster.com abuse

mozilla/4.0 (compatible; msie 6.0; windows nt 5.1)
85.255.117.226 85.255.117.226-xbox.dedi.inhoster.com


This xbox robot comes in posting to the contact forms but not the blogs with his trackback links. Doesn't understand the error messages he gets or that he is wasting his time he just keeps hitting the contact form ever few days or so.

Should really be no trafic from inhoster.com since its not a ISP so its blocked.
Scrapers have also been reported on this domain.

Update: Trackback spam now poring in using a trackback agent.

net::trackback/1.01
85.255.114.132 85.255.114.132-xbox.dedi.inhoster.com
net::trackback/1.01
85.255.114.131 85.255.114.131-xbox.dedi.inhoster.com
net::trackback/1.01
85.255.114.133 85.255.114.133-xbox.dedi.inhoster.com
net::trackback/1.01
85.255.114.134 85.255.114.134-xbox.dedi.inhoster.com

net::trackback/1.01
85.255.113.78 85.255.113.78-xbox.inhoster.com
net::trackback/1.01
85.255.113.77 85.255.113.77-xbox.inhoster.com
net::trackback/1.01
85.255.113.76 85.255.113.76-xbox.inhoster.com


Also recomend adding this IP to your servers IP ban.

inhoster.com,Used by scraper robots - Trackback Spam

12 comments:

Matthew Bagley said...

Well sadly I have been having the same problem, however in this instance it has not been a robot but a physical person, I am waiting for another posting to see if the IP address is the same if so then I'll ban it, but I have alerted the authorities due to the nature of the attack.

http://www.paramiliar.com/articles.php?articleid=1

Anonymous said...

I found these 2 DNS sites in my network settings. Not sure how long they have been there.
85.255.116.116
85.255.112.175
If you go to www.inhoster.com that may be the root of the problem. You can report abuse to their site. I am not a network expert just wanted to know what this is.

webmaster said...
This comment has been removed by the author.
Matthew Bagley said...

Well sadly this bot has evolved into a right nasty thing, somehow it manages to get past the image protection script installed on my website, and when you consider that most humans cant read the text I dont see how it manages it. So what did I do to stop it? well several things.
first I created a new image protection script where an image is created that is very difficult to read unless you are a human, the image does not use any standard fonts to try and limit the OCR software reading it plus the characters are in random positions and are on a grey "noise" background, however this did not stop it.

Second I decided to block all forum code (e.g [url], [b], [i]) this worked for about two hours until the bot realised it wasn't working so instead posted the comments without any code.

So now I start to block the IP address's, however as I quickly found out the problem was not originating from one IP address, instead it was comming from multiple IP's that where also invalid and could not be traced so that was out of the question.

Finally I setup a badword script, and whenever a comment is posted I receive an email with its contents so I can add words to the badword script, so far this is working and has done for the past 2 weeks.

So to stop this anoying problem its best to setup a badwords list.

As for reporting the problem to inhoster.com I along with many others have reported the problem they are just not interested in solving it at all.

Andrew said...
This comment has been removed by a blog administrator.
Anonymous said...

85.255.112.195 is uploading to my system as I read this lol. I reported them to http://www.inhoster.com/abuse.php
But this is most likely a game to gain ranking by them .

Anonymous said...

It looks like some form of spyware/trojan is using *.inhoster.com servers as DNS and *.intercage.com servers as a proxy, to filter all the victims' web access through their servers.

Nate said...

I recently started seeing comments posted on my blog from this net block. It appears to be someone trying to figure out my comment system. I find that funny because I wrote it myself and my blog isn't at all high-traffic. Plus all of my comments are moderated. It is sad that worthless people like this waste their time like this.

inhoster's bane said...

Hi,

every once in a while I pop one of the evils I know inhoster.com for into a google searchbox and see what I can find them up to lately.

I see signs that you people don't seem to realise that inhoster.com is the criminal and you keep on letting them know they are bothering you by giving them feedback via their alleged abuse mechanism.

inhoster.com's ISP was esthost.com last time I checked, by every right esthost should cut them off but it looks more like the rest of the world will have to do it for them. (esthost appears to have changed name or have trading name of estdomains.com)

85.255.116.116; 85.255.112.175 - both bad addresses to use for DNS lookups unless you'd prefer to visit a site owned by criminals instead of whatever site you actually wanted to see - some lookups to those servers return correct IPs, most will return bulldust from people who are paying for hijacked clients.

You only need your ISPs Domain Name Server(s) in your DNS servers list, there are advanced reasons for using alternatives but if you are not advanced I'd suggest sticking by your ISP.

Most systems I exert influence over are blocking inhoster from one end of their address range to the other: 85.255.112.0 - 85.255.127.255 (again, last time I checked - prob same but worth checking before [re-]implementation on your firewalls!)

Google a few terms for your own benefit:

inhoster spam
xbox.dedi
inhoster pliers

do yourself a favour and at least add following to your hosts file (google term: hosts file)

127.0.0.1 inhoster.com
127.0.0.1 *.inhoster.com

(wildcards don't seem to be working in my hosts file at the moment but there is plenty to suggest they should.)

Happy surfing folks.

Anonymous said...

yah this is happeneing to me too.. i have 85.25.113.139 that was inserted into my network usage of their DNS...how weird....i am investigating it and will keep u updated

Anonymous said...

We started getting a ton of hits from several of these xbox.dedi.inhoster.com bots on our websites forum today. We are running VBulletin and nobody has been spamming the site. I will bookmark this page in the hopes that someone figures out what is going on with this.

Justin said...

Same issue here. It's smart, I have to admit. I had put in some effective (up until now) modifications to stop spambots and somehow it's getting around them.

I'm trying to block everything by inhoster and so far so good.