Post by sytra » Sat Jul 26, 2014 12:45 am

Hi

We have CrawlProtect on our site and it has blocked 36 hack attempts during July. Most of these I can see are genuine and need the IP blocking; however, there are also a number that seem to originate from Google IPs. The following are a few examples:

NetRange: 66.249.64.0 - 66.249.95.255
CIDR: 66.249.64.0/19
OriginAS:
NetName: GOOGLE
NetHandle: NET-66-249-64-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
RegDate: 2004-03-05
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-66-249-64-0-1


OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2013-08-07
Ref: http://whois.arin.net/rest/org/GOGL

OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN

OrgAbuseHandle: ZG39-ARIN
OrgAbuseName: Google Inc
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: arin-contact@google.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ZG39-ARIN

This is the code used:
Xss: /index.php?_route_=http://www.aislings.co.uk/dreamgirl-int ... %5BR=301,L%5D

AND:

NetRange: 66.249.64.0 - 66.249.95.255
CIDR: 66.249.64.0/19
OriginAS:
NetName: GOOGLE
NetHandle: NET-66-249-64-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
RegDate: 2004-03-05
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-66-249-64-0-1


OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2013-08-07
Ref: http://whois.arin.net/rest/org/GOGL

OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN

OrgAbuseHandle: ZG39-ARIN
OrgAbuseName: Google Inc
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: arin-contact@google.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ZG39-ARIN

This is the code they used:
Xss: /index.php?_route_=http://www.aislings.co.uk/dreamgirl-kit ... plus-size/%5BR=301,L%5D


Is this a kind of hack attempt Google would try? And why?
Is it safe to block the IPs used or should I just let CP block the attempt each time?

Running OC 1.5.5.1 with vqmods.
http://www.aislings.co.uk
http://www.lovers-paradise-toys.co.uk



Post by rph » Sat Jul 26, 2014 1:55 am

Looks like there's a redirect error in your htaccess.

-Ryan



Post by granddaddy » Sat Jul 26, 2014 1:58 am

Coincidentally there was a news article today on The Register, which is probably related. According to the article it's malicious bots masquerading as Google.
http://www.theregister.co.uk/2014/07/25 ... every_day/
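
An added example, not part of the original thread and not CrawlProtect's own code: a small triage helper for blocked entries like the ones in the first post. It percent-decodes the `_route_` value to expose the trailing `[R=301,L]` (mod_rewrite flag syntax, consistent with the htaccess redirect error suggested above) and checks the source IP against the 66.249.64.0/19 netblock from the quoted WHOIS. The function name `triage`, the sample IPs and the example.com URLs are constructed for illustration, and the verdict strings are a heuristic reading rather than a definitive classification.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Netblock copied from the WHOIS output quoted in the first post.
GOOGLE_NET = ipaddress.ip_network("66.249.64.0/19")

# A mod_rewrite flag list such as [R=301,L] that leaked into a URL.
REWRITE_FLAGS = re.compile(r"\[[A-Z]+(?:=[^,\]]+)?(?:,[A-Z]+(?:=[^,\]]+)?)*\]")

# Constructed sample entries (source IP, request); not real log data.
SAMPLE_LOG = [
    ("66.249.64.10",
     "/index.php?_route_=http://www.example.com/some-category/%5BR=301,L%5D"),
    ("203.0.113.7",
     "/index.php?_route_=http://www.example.com/some-category/%5BR=301,L%5D"),
    ("66.249.70.3", "/index.php?route=product/category&path=20"),
]


def triage(ip, request):
    """Report source netblock membership and rewrite-flag residue for one entry."""
    query = parse_qs(urlsplit(request).query)  # parse_qs also percent-decodes
    route = query.get("_route_", [""])[0]
    flags = REWRITE_FLAGS.search(route)
    in_range = ipaddress.ip_address(ip) in GOOGLE_NET
    if flags and in_range:
        verdict = "crawler following a malformed site link: check the redirect rule"
    elif flags:
        verdict = "same malformed link, source outside the quoted netblock"
    else:
        verdict = "no rewrite-flag residue: judge on other evidence"
    return {
        "in_google_range": in_range,
        "rewrite_flags": flags.group(0) if flags else None,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for ip, request in SAMPLE_LOG:
        print(ip, triage(ip, request))
```

Netblock membership alone does not prove a request came from Googlebot; Google documents a reverse DNS lookup followed by a forward lookup for that, which needs network access and is left out here.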
